Hi Sonic.
I think there is some confusion in your post. First of all are you trying to access sharepoint in Core access (rewrite) or via WSAM.
Then, what is the authentication mechanism required for your sharepoint portal: NTLM ? Kerberos ?
If using core access, you should configure SSO under Web Policies > SSO > General, fill in the relevant data (e.g: constrained delegation or IVE intermediation for Kerberos or e.g: Domain_Name/Variable/<USERNAME>/<PASSWORD> for NTLM) depending on what authentication type you need for sharepoint.
Then configure a new SSO policy for the resource you want (resource: http(s)://your_sharepoint_portal_FQDN)
Please remember the following (from Admin guide):
1. Specify an IVE host name that ends with the same suffix as your protected resource using settings in the System > Network > Overview page of the admin console. (The IVE checks the host names to ensure that it is only enabling SSO to sites within the same Intranet.)
For WSAM:
It DOES support Windows integrated authentication (I guess that's what you call single sign on) in both NTLM (since 5.x) AND Kerberos (new since 6.4) but in this case it is not really single sign on. For this to work, the client PC must be already joined to the domain your sharepoint portal is belonging (or have a trustee domain relationship) and the local Windows user must also be a user of the same domain. In this case, Windows integrated authentication will also occur over WSAM. But that is very different story from Web SSO, in this case WSAM is just tunneling the native Windows NTLM/Kerberos authentication steps.
If it doesn't work for you then you should progress the issue through a JTAC case, because I got it to work OK in both scenario (against a Sharepoint 2007 portal).
Regards
Lionel
