Authentication and SSO Application

My team is developing a Common Authentication-SSO (CASSO) application to be used within a corporate's LAN. Any Web application under the company's domain needs to authenticate the user through this CASSO before the user can access the application. Currently the older version has implemented BASIC/DIGEST and NTLM. However, to improve the security concerns, we are considering having KERBEROS within the CASSO.

What Authentication and Security models/protocols shall be followed? Secondly, shall Kerberos be implemented along with NTLM, BASIC and DIGEST, or is it fine to have only Kerberos and NTLM?

There is 1 answer

Mark Bramnik

I know it may look like a dumb answer, but have you considered CAS? It does exactly what you're trying to achieve :)

Here is a Link

I've used it for implementing the Kerberos-based authentication for our web applications and it was wonderful.