Hopefully these notes will evolve into a more formal tutorial.
This example assumes user roles are stored in a database like so:
Currently works with SAML 1.1 from jasig or by utilizing
server add-on https://github.com/Unicon/cas-addons/wiki/Configuring-JSON-Validation-Response ( server version 3.5.1 and above )
and client add-on https://github.com/Unicon/cas-java-clients-addons ( client version 3.2.1 )
(for CAS 2.0 see http://www.ja-sig.org/issues/browse/CAS-655).