Recently, we are integrating Kylin with our SSO service based on CAS. In our case, SSO provide only authentication but no authorization. Because our LDAP service is not used for application specific information management, we plan to use the built-in user/group services to manage their authorities (as in testing profile).
I am doing some work with CAS authentication to make it work along with form login in Kylin. I dont know whether it is a common case that user need to be authenticated by an SSO and will be managed for roles/groups in Kylin itself when LDAP is not available. I'd like to share it for someone in need.