An error occurred while saving the commentSteve C commented
One could use Kerberos for SSO. This has been integrated into Web servers many times, so plenty of documentation out there. One only needs to get a ticket from Kerberos (which usually has a life time of 8 hours) and then log onto any Kerberized system with no password after getting the ticket.
But then... you would have to manage a Kerberos server.
Only LDAP systems that i've encountered that supported SSO had Kerberos on the back end.