Welcome to the JavaRanch, Sandy!
Not only is it possible for the same machine to host both Tomcat and WAS, I've been
required to do so on more than one occasion. The default ports used by the 2 servers are different, so no special installation configuration is required.
SSO is easy in Tomcat as long as you're not using a Do-It-Yourself security system. The
J2EE standard security framework actually doesn't know if you have SSO or not at the application level, nor does it care. You simply configure the webapp(s) to use an SSO-supporting Realm, such as CAS.
One-off DIY security systems and SSO are a different matter, since each SSO app would have to be using the same security subsystem, and that pretty much means that all the apps had to have been designed by the same people, unlike the J2EE standard, where anyone in the world has access to the same public standard.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.