It would be nice to have some single sign on authentication like CAS or SAML2 to add this application to an existing environment.

Second! Also possibly an http-header authentication (where only a username header is needed). I use nginx to authenticate my services, and simply pass the user header to the service which returns session info.