I take he was thinking of the default SSO implementation that is given as example within jforum - namely "RemoteUserSSO" - which simply asks if there is a remoteUser set in the request.
You can write any own implementation too, to validate that a user has been signed on within the surrounding applications ... and if the session is still valid. After you did, modify the settings within systemglobals.conf or preferably jforum-custom.conf and correct the sso-implementation entry, now pointing to the new sso file you just may have created ...
The documentations for sso probably are still somewhat out of date ^^
But it's actually quite easy to understand once you look at the source files
[originally posted on jforum.net by Sid]