To simplify sign on for all their employees, they use WebSEAL and SPNEGO to provide single sign on for all web applications. This way, an employee logs on to their workstation in the morning, and they are never prompted to log on again to other web applications.
As we deployed the Lotus Connections 2.5 Portlet, we ran into an issue. The portlet wasn't built to support an SSO solution in the middle (it mostly depends on WebSphere SSO which is based on something called LTPA token). At this point, I had to figure out how to change the portlet to support WebSEAL, so I went on and downloaded the source code for the portlet (isn't it nice when they make the source code available?)