I went back and cleaned up some of the debug cruft that was left behind. I wrote a few tests based on the existing ones. I totally failed in doing this for users_controllers_spec.rb so I reverted my work there so that the tests would continue to run. A short discussion of why adding CAS is here http://meta.discourse.org/t/plans-to-support-single-sign-on-cas/4463/5
I broke the commit into two parts. The first is purely CAS and the second allows for deactivation of local logins as .edu’s in the US frequently need to limit access to current active students, staff and faculty due to privacy issues. I broke this out as it will probably get rejected and I understand that and wanted to make it easier.
The following is meant purely as a compliment. Because of the well structured code and use of OmniAuth it only took me an hour to do the initial work. I have added CAS to a number of internal and external apps and this was by fair the most pleasant do work on ever.