A flexible security framework for Rack (and Rails) apps. Good for integration with legacy systems, CAS SSO (including proxying), machine and interactive authentication, and much more.
An update: we saw an instance of this occurring in one of our CAS-using applications today. The CAS server recognized a username of the form [SPACE]name, but the application didn't.
Leading or trailing whitespace in a username is never significant. Aker should remove any present before validating credentials.
This could be done generically at the composite authority level so that individual authorities and modes don't have to duplicate the logic.