Going by logic there will be two sets of "accounts". Say a google account and a mysite account. You need to generate mappings between these two accounts. When the user tries to sign on using google account, the actual validation will be done by google. mysite will invoke the validation process by using the SSO API exposed by google. Based on the validation result, mysite code will decide whether to let the user in or not.
You can find out lots about SAML SSO at [url=https://www.pingidentity.com/resource-center/]Resource pages at Ping Identity[/url] As you would expect, there is lots about our products and services, but there are also several pages about standards.
The Getting Started guide for our PingFederate product also includes a very detailed discussion of the standards: [url=http://documentation.pingidentity.com/display/PF/Supported+Standards]http://documentation.pingidentity.com/display/PF/Supported+Standards[/url]
At my company (healthcare), users may have to sign on to half a dozen applications. We have a team devoted to SSO, so that a nurse can sign on to the workstation once, and automatically get signed in to all the applications. I believe they use some 3rd party software to do this.
There are only two hard things in computer science: cache invalidation, naming things, and off-by-one errors