If you architect many secure Web applications, authentication and authorization are always important concerns. Defining an architecture so that users can sign on to many n-tier Web applications only once—regardless of who built the applications, when they were built, or what kind of OSs and application servers they run on—is always a big challenge. Here, Jian Zhong and Mike Lehr present a single sign-on (SSO) architecture using their real-world experience in developing n-tier Web applications for the Energy Information Administration (EIA) of the US Department of Energy. Discover how they solved this business problem using cutting-edge Java 2 Platform, Enterprise Edition (J2EE) technologies. (2,500 words)