Single sign on is a session/user authentication process that allows a user to provide his or her credentials once in order to access multiple applications. The single sign on authenticates the user to access all the applications he or she has been authorized to access. It eliminates future authenticaton requests when the user switches applications during that particular session.

Web Single sign on works strictly with applications accessed with a web browser. The request to access a web resource is intercepted either by a component in the web server, or by the application itself. Unauthenticated users are diverted to an authenticaton service and returned only after a successful authentication.

Shared Authentication Schemes which are not Single Sign-On

Single sign on requires that users literally sign in once to establish their credentials. Systems which require the user to log in multiple times to the same identity are inherently not single sign on. For example, an environment where users are prompted to log in to their desktop, then log in to their email using the same credentials, is not single sign on. Shared authentication schemes like OpenID, which require additional sign-on for each web site, are also not single sign on.

Reference:

http://en.wikipedia.org/wiki/Single_sign-on

http://www.cnblogs.com/guodapeng/archive/2008/11/19/1336583.html

http://www.ibm.com/developerworks/web/library/wa-singlesign/

http://www.josso.org/confluence/display/JOSSO1/JOSSO+-+Java+Open+Single+Sign-On+Project+Home

http://www.360doc.com/content/061004/13/73_222129.html

http://aspalliance.com/1545_Understanding_Single_SignOn_in_ASPNET_20

http://ginge.javaeye.com/blog/225778