The Java Open Single-Sign On
I am wondering why there are still some developers out there doing single-sign on the hard way. Talking about reinventing the wheel? Looking at JOSSO or the Java Open Single-Sign On, there's much to achieve from this tool. Although I haven't tested it yet, but it should comply to the JAAS standards. And by open source standards(if you know what I mean), JOSSO is decently documented. The Reverse Proxy Support is quite promising, it allows you to create multi-tier single sign-on configurations.