Not only is it possible for the same machine to host both Tomcat and WAS, I've been required to do so on more than one occasion. The default ports used by the 2 servers are different, so no special installation configuration is required.
SSO is easy in Tomcat as long as you're not using a Do-It-Yourself security system. The J2EE standard security framework actually doesn't know if you have SSO or not at the application level, nor does it care. You simply configure the webapp(s) to use an SSO-supporting Realm, such as CAS.
One-off DIY security systems and SSO are a different matter, since each SSO app would have to be using the same security subsystem, and that pretty much means that all the apps had to have been designed by the same people, unlike the J2EE standard, where anyone in the world has access to the same public standard.
Customer surveys are for companies who didn't pay proper attention to begin with.