We have a load of intranet apps, an are considering a single-sign-on solution.
For J2EE these system follow two models:

• Either through a servlet filter
• or a special hook (authenticate(thisServletRequest))
  which for the application does not make much of a difference.
  So it would help a lot if JIRA (and "the new one" ) would support a configurable method to getTheUsersIdentity from an external system.

This should not be that big a deal, maybe it's even there - but then I would need a point where to look at. I haven't found it yet.
And yes, we presumably would build an integration with Yale's CAS.

– ingomar