My solution is like the following:
I have a system called
Central, in which I manage the users and their passwords using
Ruby-CAS-Server system performs the authentication against this database, and
Ruby-CAS-Client is used to manage the authorizations and authentication.
And I have several other systems, for example called
Satellite, which authenticates using CAS and only have a simple
User Class to hold the properties coming from CAS after authentication, and
CanCan to manage authorizations, and no
Devise is used.