I've used OpenSSO (which is very powerful but complicated) and JOSSO (very simple but lacking many features).

I've also looked at the CAS framework.

My question is: What are your recommendations and insights regarding the different SSO frameworks (preferably Java oriented)?

+2  A: 

We implemented a CAS solution at my workplace, and proceeded to expend great effort in building a web service integration layer.

Then, after 9 months or more when the whole shebang was more or less complete, we discovered Atlassian Crowd and felt that this great web service SSO thing we had built was pretty much wasted effort. So, to save face, we decided to use our home-grown system and not tell anyone about Crowd.

The only advice I can give is to try out as many alternatives as possible and choose very carefully. Otherwise you can quickly find yourself locked into the wrong solution.

Christian Vest Hansen
+2  A: 

I don't know what your business requirements are (e.g. security), but you might consider OpenID. It allows multiple identity providers (with their own level of security), and multiple relying parties. There are several open-source Java client libraries (as well as libraries in other languages), and even a few open-source server projects. Anyone with an AOL, Yahoo, or Google account already has an OpenID identity. Or you can create your own with providers like myOpenID.

WHOOPS - I forgot that we're all using OpenID to authenticate with StackOverflow, so you're probably already at least aware of it!

Eric Rath
Is OpenID usable in an intranet network?
paulgreg
@paulgreg: OpenID is usable on any network in which both your web browser and the web application server are able to GET and POST to your OpenID provider.
keturn
But OpenID doesn't provide single sign-on in the way that CAS does. OpenID does let the user have one identifier and one place to authenticate and manage credentials, but they still have to log in to each application separately.
keturn
+5  A: 

I'm clearly very biased (working on OpenSSO at Sun), but I found a presentation recently that you might find useful: Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-On.

A couple of comments on other answers - OpenID is a protocol, not a framework; the two are pretty much orthogonal. OpenSSO can do OpenID (currently as an OpenID 1.1 Provider, but there are efforts underway to do more). Also, I agree 100% with Christian - look carefully, do a couple of proofs-of-concept, and choose wisely. Good luck!

metadaddy
+2  A: 

We are currently implementing CAS at my college. We are using it to create a single sign-on between our school's portal (written in Java) and all of our in-house web-based applications that are written in PHP. We will eventually integrate it in with other services such as Moodle, which is also written in PHP.

I can't say enough good things about CAS. It's a little bit confusing to get at first, but when you figure it out the whole process becomes easier. There are many different clients that you can use, along with many different authentication protocols. We use it to authenticate against our Active Directory, but OpenID is also supported.

scheibk
A: 

Prior to switching to a Novell solution at work, we implemented a series of services around the OpenSAML 1.1 library (https://spaces.internet2.edu/display/OpenSAML/Home/). The unit tests they provide have enough code to give you a really good head start in using their library.

jalpino