so let me understand this correctly.
you have a university portal and you are creating a JSR168 portlet and integrating this into the university portal?
If thats the case, when a user signs on to the university portal using the so called blue-stem method you described,
the portlet running inside this university portal will be running in the authenticated state.
Again, based on your explanation, i am assuming the portlet is running inside the university portal where the user is logging in. Is this assumption correct?