Note that in both of these, the user is assumed to
have
already logged into
the central authentication system, and the web server is
handling the actual
authentication. Here's an extension that changes the login
and logout links
to redirect to the central system (warning, it is CDDL
licensed, which is
incompatible with the GPL!):
http://blogs.sun.com/superpat/entry/opensso_single_sign_on_extension
Here's an example that is GPL licensed, that does essentially the same thing
as the above: