Pass headers/SSO

So I've found myself in a whole new world I've never really had to deal with before -- SSO.

First route I tried, was just having a form auto submit itself posting the variables I need to the SSO mechanism..It works, but our encryption string is parsed differently in some browsers (Safari).

Then, I tried using the Notes C API and a function called SecTokenValidate..This works on our server, but has to run on a Domino server due to encrypted data on our side...so I'm SOL there.

We have also used an md5 hash with a salt, and sent the username and md5+salt across and verified on the other server, but again this was done simply auto submitting a form via javascript.


So now that I've explained what I've tried, I have a couple questions.

#1 What kind of SSO mechanisms does everyone use, and perhaps if you explain them it might help me out.

#2a Is there a way to manipulate the headers of a page I am attempting to re-direct to?
OR
#2b Is there a way to POST programmatically to the server AND have the page load up in their browser with the proper URL (I have Java, and LotusScript (VBScript) at my disposal)

Any feedback is appreciated. The way we're doing it now is messy and it is only in place until I can find a suitable replacement.