The sso-client.jar contains all the code that deals with logging in, logging out and retrieving the logged in users information. This is all done with multiple redirects and a lot of encryption, but this is all abstracted away by the SSOClientFilter, ShireServlet and LogoutServlet.

When configured in a web.xml like this:

<context-param>
  <param-name>ssoclient.config</param-name>
  <param-value>/sso-config.xml</param-value>
 </context-param>        
       
 <filter>
     <filter-name>SSOClientFilter</filter-name>
     <filter-class>uk.ac.warwick.sso.client.SSOClientFilter</filter-class>
 </filter>
       
 <filter-mapping>
        <filter-name>SSOClientFilter</filter-name>
        <url-pattern>/*</url-pattern>
 </filter-mapping>
       
 <listener>
     <listener-class>uk.ac.warwick.sso.client.SSOConfigLoader</listener-class>
 </listener>
       
 <servlet>
     <servlet-name>ShireServlet</servlet-name>
     <display-name>Shire</display-name>
     <servlet-class>uk.ac.warwick.sso.client.ShireServlet</servlet-class>
 </servlet>
       
 <servlet>
     <servlet-name>LogoutServlet</servlet-name>
     <display-name>Logout</display-name>
     <servlet-class>uk.ac.warwick.sso.client.LogoutServlet</servlet-class>
 </servlet>

SSOClientFilter, once it has done all of its work just puts a User object in the request scope under a certain key (usually SSO_USER, but configurable in the sso-config.xml). If the user is logged i it will be a logged in user, if not, it will be anonymous. Simple as that.