I was looking at ways to authenticate users in a web app, but in a way where the main web app doesn't need to process the password. Something like OpenID, but the authentication server would definitely need to be hosted on an intranet; internet services can't be accessed by the application server.

My environment is pretty much Java web apps, but it would be interesting to connect the system to other types of apps as well.

+4  A: 

You could run your own OpenID server.

You didn't mention your environment, but another option is to use Windows Authentication with Active Directory if you're running in a Windows domain situation.

ahockley
+1  A: 

There's always some kind of LDAP if you're not into using either your own OpenID server or Windows Active Directory.

dlamblin
+2  A: 

Do you want to have single sign-on between applications? (That is, if the same user is using more than one of your web apps, if they've logged in on one, they don't need to log in again when they move to another one.)

If so, there are several options. The one I've used extensively is CAS (the Central Authentication Service), which is widely used in educational institutions. It has a variety of client libraries for many languages, and the server part is Java.

This can of course be combined with LDAP to give both single sign-on and a single repository of user credentials.

JacobM