I know about Keyshield/NAM but would like to notice that both are another products (and Keyshield is a 3rd Party) and adds cost into the Project.
Why there is no Windows Native solution at the moment? With Desktop that will be pretty easy as we have all credentials in place after successful Windows authentication&authorization.
With Web I'm in doubts as I have no too much knowledge about Web... but I heard there are a lot of ready-to-use recipes for Web SSO.
That'll be great if we will have SSO in Filr, this will minimize the amount of request for problem related with login, security etc. About Security: right now we're in trouble with Filr and AD Security Policy, if there is a setting on AD side which limits unsuccessful attempts and this limit lower than 6 attempts (6 attempt is hardly-coded in Filr AFAIK) - it leads to account lock on AD side. This creates a lot of pain in the ass for administrators as in big infrastructure it may lead to mass-locking in case if somebody just try to try accounts one by one (this is a real story told me by customer). SSO will eliminate this problem as there will be no Login Window at all.