I use squid to authenticate against Active Directory and Oracle Database (and easy to use any other repository as OpenLdap as I request the AD as a LDAP).
What I do is to use Squid as a reverse proxy that captures the URL. With the url, I request the user to authenticate (only once per session of navigator) and use the information of user/url to know if the user can access the url. The information is saved into groups of AD or Database.
In AD/database I also save which profile the user belong to, so it's a centralized and fast way of implementing security.
user type http://server/Apli/subdir/
I look for the user in "Apli" group of AD and later if user belong to "Apli@subdir" group of AD.
And squid allows you to rewrite URL, so you can send applications information no typed by user as:
http:/server/Apli/subdir/?user=username&profile=profileName&... (other information extracted from AD or DB).
Another important thing is than you can use certificates to identify users (and PCSC). And it's compatible for windows and Linux clients (and supposed that other OS).
I use squid and it's powerful and very, very stable.
I hope this can help you.