Provide an abstract Seraph authenticator for SSO authenticators to subclass that reduces the plumbing code required to interact with Embedded Crowd

This is currently the most comprehensive version I have so far compiled of the code a custom SSO authenticator for Seraph must provide in order to not break any of the functionality in Confluence: https://bitbucket.org/jaysee00/example-confluence-sso-authenticator.

It would be great if we could roll this code into JIRA so that sub-classing it was super easy.

From https://issues.jasig.org/browse/CASC-242

We have set up our CAS-integrated JIRA with a User Directory of type LDAP Directory with Local Groups with Default Group Memberships to be "jira-users,confluence-users".
If I remove the CAS configuration (ie revert web.xml and seraph-config.xml), on first login of a user synced from LDAP, the user is added to the groups as expected. However, with CAS configuration included, the user is not added to the groups and so cannot see anything beyond what Anonymous users can see.
I have contacted Atlassian Support about this, and they said I should contact Jasig. Note our CAS integration has been working fine for a long time in other respects.