One of our project teams completed a large piece of work integrating a new SSO service into several projects for one of our customers. The main idea was to move away from basic authorization and route users to a single service that authorizes them for multiple services.
The implementation uses JBoss Keycloak as the SSO service, together with a master-data service that stores unique role-based rights for each application. As an emergency path, the final implementation can still authorize via basic auth if the SSO service is down or unreachable. The whole job took about two weeks; it is now in production use and the customer is fully satisfied.