One could use Kerberos for SSO. This has been integrated into Web servers many times, so plenty of documentation out there. One only needs to get a ticket from Kerberos (which usually has a life time of 8 hours) and then log onto any Kerberized system with no password after getting the ticket.
But then... you would have to manage a Kerberos server.
Only LDAP systems that i've encountered that supported SSO had Kerberos on the back end.
One could use Kerberos for SSO. This has been integrated into Web servers many times, so plenty of documentation out there. One only needs to get a ticket from Kerberos (which usually has a life time of 8 hours) and then log onto any Kerberized system with no password after getting the ticket.
But then... you would have to manage a Kerberos server.
Only LDAP systems that i've encountered that supported SSO had Kerberos on the back end.