Try here: http://justfuckinggoogleit.com/search?q=single+sign-on
Or here: http://www.google.com/search?q=define:single+sign-on
Or here: http://en.wikipedia.org/wiki/Single_sign-on (make sure you "check" all
of the See also stuff)

Hi

There are lots of SSO framworks and utilities out there.
You can just google sso java and get a lot of info.
However I currently use RSA Cleartrust but the basic idea of a SSO is
simple.
If you use a common repository for your apps then create a token in the
logon app and persist it in the shared repository or in a cookie and
validate it in the other apps and should contain info that will be used
to rebuild the session from it. Usually username should be enough. Bear
in mind that sensitive information should be encrypted.

also can have a look at: http://www.josso.org/

You can use filters for servlets, ore include de token verification
declaratively into your application security

Regards

If you can tie into IE with your app then you can take advantage of the
ability for IE to integrate with Windows authentication and therefore
utilize cached credentials on an XP client workstation (if it is joined
to a Windows 2003 domain and it sounds like it would be in your case).
This would alleviate the need for a user to have to input a username and
password to access your app but they still get authenticated simply by
having a Windows domain account.