SSO with CAS

CAS is typically setup as a request filter: https://wiki.jasig.org/display/CASC/Using+CASFilter

This does the hard part of ensuring the user is authenticated. Now, to pass the username to InetSoft products there is an extra parameter to enable.

<init-param>
  <param-name>edu.yale.its.tp.cas.client.filter.wrapRequest</param-name>
  <param-value>true</param-value>
</init-param>

By wrapping the request, the REMOTE_USER will be set in the HTTP header. InetSoft products call getRemoteUser() and use the returned value as the username for Single Sign-On, so the rest just works.