Look at our Single Sign On project as a starting point:
Here is the documentation
Also, for simple virtual host based single sign on approach, you can look at the Tomcat approach documented in our portal docs
Our web application is written using struts and I am using the struts bridge in order to allow it to run under the JBoss Portal. The logon JSP page for our web application invokes an Java action to handle the authentication.
I am not sure whether for the portal we should first make the user pass authentication or whether we should show the portal and only require authentification when the user tries to access a protected area.
If we require initial authentification then I need to invoke our logon JSP when the portal starts up. I can only guess that this would need to be done by modifying tomcat?
If we defer authetification then I am not sure how to cause the logon to occur when the user accesses a protect page or portlet.