I am working on a financial product which has used liferay 5.2 as their web framework,
vendor has send this to integrate the SSO,
a servlet filter which will have these
req.addParameter("_58_password", password);
// req.addParameter("_58_rememberMe", "off");
req.addParameter("_58_login", username);
req.addParameter("_58_cmd", "update");
req.addParameter("p_p_col_pos", "0");
req.addParameter("p_p_state", "normal");
req.addParameter("p_p_col_count", "1");
req.addParameter("p_p_id", "58");
req.addParameter("_58_struts_action", "/login/login"); ///web/guest
req.addParameter("p_p_action", "1");
// req.addParameter("p_p_mode", "view");
req.addParameter("p_p_lifecycle", "1");
req.addParameter("_58_redirect", redirectKey);

chain.doFilter(req, res);

then entry in web.xml as
<filter>
<filter-name>ssofilter</filter-name>
<filter-class>a.filter.class.name</filter-class>
</filter>
<filter-mapping>
<filter-name>ssofilter</filter-name>
<url-pattern>/web/*</url-pattern>
</filter-mapping>

it don't work well, it shows the login page when session expires, also it shows login page in some case,
Then vendor suggested followings.
1: in SSO env system should be setup in such a way the session should not expire.
2: With SSO there is a batch script that runs to "flush" when memory is full.
3: and then I fainted for two days.

from my view it shows web.xml already has, autologin can be used....
<filter>
<filter-name>Auto Login Filter</filter-name>
<filter-class>com.liferay.portal.servlet.filters.autologin.AutoLoginFilter</filter-class>
</filter>
my requirement is very simple, get the userId from header and create the session, remaining things are handled by upstream.
gentlemen your help/guidance will be greatly appreciated