Although, it maybe a bit off topic, but have you considered using Keycloak instead of a Tomcat Valve approach for doing SSO? Keycloak is pretty simple to setup. Also, Tomcat is being replaced by Undertow in JBoss EAP 7 so you may run into upgrade issues.
I'm open to suggestions, so I'll have a look at the Keycloak solution.
Does Keycloak meet the requirements?
- 2 webapplications
- 2 server instances (standalone)
- custom security provider
Any help is greatly appreciated, because I can't find any documentation about this ..