Rails: single sign on session based authentication

I am using a single sign on authentication system in front of my rails application so you cannot access the application at all until you have authenticated through our business authentication system.

Once authenticated I want to set up role based Authorization but I believe I still need to set up some sort of User model for this to work.

I am keen to use cancan for authorization, and possibly easy-roles for the roles. but how do I go about registering the current logged in开发者_运维百科 user? I have simply been accessing the session variables up until now.

I cannot use the session variables for the roles as I do not have any control over our single sign on system.

I have searched for some simply how to's but haven't been able to find one.

I have created a controller for Admins and entered all the admin users into that and am simply going to implement very basic authorisation like in ryan bates early railcast : http://railscasts.com/episodes/20-restricting-access

I am restricting access on each controller and in the views. I feel its a little dirty, but it works.

In the admin checking function I check to see if the sessions user credentials are in the table:

helper_method :admin?

def admin?
  admin = Admin.find_all_by_username(request.env["SPEP_ATTR_uid"])
  if admin.empty?
    false
  else
    true
  end
end

def authorize
  unless admin?
    flash[:error] = "unauthorized access"
    redirect_to home_url
    false
  end
end