diff --git a/README.md b/README.md
index 5e1a174..539884a 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,38 @@
# camunda-cas-sso
-Camunda CAS SSO plugin
+
+(Requires the normal CAS Tomcat authentication filters to work http://mvnrepository.com/artifact/org.jasig.cas/cas-client-core/3.1.10)
+
+Camunda CAS SSO Application Server Filter with user injection for debugging. Injects users into Camunda who were already authenticated using CAS.
+
+Currently makes all sections "available" to all users in the UI, but access rules are still in effect.
+
+The user to log in for debugging can be changed at the top of the filter class.
+
+The "webapp jar" consists of the zipped class files from the distribution's "camunda" webapp.
+
+https://app.camunda.com/nexus/content/groups/public/org/camunda/bpm/webapp/camunda-webapp/7.4.0/
+
+Installation:
+1. Import into Eclipse with Maven support.
+2. Add camunda engine and webapp jars to the build path
+3. Build a library jar file.
+4. Put the result in Tomcat's or the webapp's classpath
+5. Put Apache commons-logging in Tomcat's classpath http://commons.apache.org/proper/commons-logging/download_logging.cgi
+
+Activation in the webapp's web.xml:
+* comment out the normal "Authentication filter"
+* add the following filter description BEFORE the SecurityFilter
+
+(CAS filters themselves are omitted)
+```
+
+ Camunda CAS SSO Filter
+ de.hofuniversity.iisys.camunda.sso.CASSSOFilter
+
+...
+
+ Camunda CAS SSO Filter
+ /*
+ REQUEST
+
+```
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..f531aed
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,49 @@
+
+ 4.0.0
+ de.hofuniversity.iisys
+ camunda-cas-sso
+ 7.4.0
+
+
+
+ javax.servlet
+ javax.servlet-api
+ 3.1.0
+ provided
+
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+ 3.1
+
+
+ 1.7
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java b/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java
new file mode 100644
index 0000000..c94e48f
--- /dev/null
+++ b/src/main/java/de/hofuniversity/iisys/camunda/sso/CASSSOFilter.java
@@ -0,0 +1,130 @@
+package de.hofuniversity.iisys.camunda.sso;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.ServiceLoader;
+import java.util.Set;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.camunda.bpm.engine.ProcessEngine;
+import org.camunda.bpm.webapp.impl.security.SecurityActions;
+import org.camunda.bpm.webapp.impl.security.SecurityActions.SecurityAction;
+import org.camunda.bpm.webapp.impl.security.auth.Authentication;
+import org.camunda.bpm.webapp.impl.security.auth.Authentications;
+import org.camunda.bpm.webapp.impl.security.auth.UserAuthentication;
+
+public class CASSSOFilter implements Filter
+{
+ @Override
+ public void init(FilterConfig arg0) throws ServletException
+ {
+ //nothing to do
+ }
+
+ @Override
+ public void destroy()
+ {
+ //nothing to do
+ }
+
+ @Override
+ public void doFilter(final ServletRequest request,
+ final ServletResponse response, final FilterChain filterChain)
+ throws IOException, ServletException
+ {
+ if(request instanceof HttpServletRequest)
+ {
+ HttpServletRequest req = (HttpServletRequest)request;
+
+ //read and insert preauthenticated user
+ String user = req.getRemoteUser();
+
+ //for which process engine?
+ //TODO: make configurable
+ String engineName = "default";
+
+ Authentications authentications = Authentications.getFromSession(
+ req.getSession());
+ Authentications.setCurrent(authentications);
+
+
+ //create and add authentication
+ //TODO: read from register?
+// processEngine.getIdentityService().createGroupQuery().groupMember(username).list();
+ List groupIds = new ArrayList();
+ groupIds.add("camunda-admin");
+ groupIds.add("camunda-user");
+
+ Set authorizedApps = new HashSet();
+ authorizedApps.add("cockpit");
+ authorizedApps.add("tasklist");
+ authorizedApps.add("admin");
+
+ Authentication auth = new UserAuthentication(user, groupIds,
+ engineName, authorizedApps);
+ authentications.addAuthentication(auth);
+
+
+ Authentications.updateSession(req.getSession(), authentications);
+ //continue filter chain
+ try
+ {
+ SecurityActions.runWithAuthentications(new SecurityAction()
+ {
+ public Void execute()
+ {
+ try
+ {
+ filterChain.doFilter(request, response);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ return null;
+ }
+ }, authentications);
+ }
+ finally
+ {
+ Authentications.clearCurrent();
+ Authentications.updateSession(req.getSession(), authentications);
+ }
+
+
+ //clean up
+ Authentications.clearCurrent();
+ Authentications.updateSession(req.getSession(), authentications);
+ }
+ }
+
+// protected ProcessEngine lookupProcessEngine(String engineName)
+// {
+// ServiceLoader serviceLoader =
+// ServiceLoader.load(ProcessEngineProvider.class);
+// Iterator iterator = serviceLoader.iterator();
+//
+// if(iterator.hasNext())
+// {
+// ProcessEngineProvider provider = iterator.next();
+// return provider.getProcessEngine(engineName);
+//
+// }
+// else
+// {
+// throw new RestException(Status.INTERNAL_SERVER_ERROR,
+// "Could not find an implementation of the "+ProcessEngineProvider.class+"- SPI");
+// }
+//
+// }
+}