Security is actually a very strong point of Seam. Seam has its own security framework that does much more than most other web app security frameworks. It provides permission-based, and role-based access controls at the object level.
I am not sure how the OS native SSO works -- does the browser pass through some kind of security token to the web app? Can you just make the browser remember the username / password and auto-login?