Security is actually a very strong point of Seam. Seam has its own security framework that does much more than most other web app security frameworks. It provides permission-based, and role-based access controls at the object level.
I am not sure how the OS native SSO works -- does the browser pass through some kind of security token to the web app? Can you just make the browser remember the username / password and auto-login?
example, users logged into windows desktop can seamlessly access seam apps without login
I have actually been working through this with JBoss Negotiation and Kerberos authentication. The UserPrincipal gets initialized in the web context by JBoss Negotiation and you can use this principal to auto-login the user with a custom authenticator. Your authenticator can also use the user information to retrieve the roles associated with the user or if you are using Seam 2.1 by providing a role identity store. You can also provide an identity store for fallback authentication (e.g. through LDAP or some other means) should the Kerberos authentication fail.