In an earlier blog article, it spoke to the many individual Single Sign-on implementations available. Stepping back a bit, however, we can take a look at SSO from the perspective of 3 distinct types. The services can be categorized into Windows integrated, extranet, and intranet.
Windows Integrated Single Sign-On
This allows internal users to connect to more than one app on your network using a common authentication method, usually the morning Windows login with an Active Directory account. This is the initial (and single) login for the day. Windows integrated enabled, protected resources can then request and process security tokens. The most common example of a Windows integrated protocol is Kerberos.
Extranet Single Sign-On (Web SSO)
Connect to multiple web sites which belong to different vendors/service providers. Users log into any federated web site with a single set of credentials and then are not prompted when logging into other sites in the same federation. The key here is that any of the federated web sites can be the first one logged into that day, and SSO will be realized to the other sites using a security token generated by the designated authentication provider. One of the key ideas is the omission of all users needing to be in the same domain as with the Windows integrated solution. The most popular protocol for federation is SAML.
Server-Based Intranet Single Sign-On
Connect to multiple heterogeneous applications and systems in an enterprise environment. A single master server and satellite SSO servers work together to provide access to the resources protected by the system with a single set of credentials. Each application has its own repository of users and the passwords contained within each repository are kept synchronized to each other.
Hopefully, this brief introduction to the various SSO technologies will help to jump start your research into the SSO realm and get you pointed in the right direction. For more information, many people have had success working with PortalGuard from PistolStar.