I just finished creating a demo install of a suite of Single Sign On capabale Rails apps for a customer. We decided to go with CAS for the authentication management, largely because it is OSS but also because install is just dead easy (copy cas.war into the /webapps folder under Tomcat, restart Tomcat).
Likewise, installing the Ruby client for CAS was just as easy: ` >sudo gem install rubycas-client `. Once that was taken care of, I just had to configure the individual Rails apps to use CAS for authentication. According to the docs for the client, you just have to add some metadata to `environment.rb` that tells CAS where to go for authentication, and a filter to `application.rb` to launch the process. I found that there were a couple of really important things missing from the instructions, especially if you want to test locally.
request.username: `CAS::Filter.wrap_request = true`.
That's not a lot of gotchas for such a great piece of functionality. I'll post more details as we roll the implementation forward and if we see any other issues, but for now, we're very please with how easy it is to get CAS set up and working with our multiple Rails apps. Go Yale!