Single sign-on for the user portal

I want the users to login at the website only once. Through the web site, I want them to access the user portal on the FreePBX box. However, I do not want them to login using their extension and vm password again.

Is a solution already exists as this seems to be a fairly common req?

How complex are the code changes?

Its actualy pretty complicated, as the admin sign on to freepbx is in no way linked to any specific extension, where as the ari is (generally) extension specific.

A suggestion:

Can we expose an interface to do authentication either using openLDAP or openId?
Zend Framework has some support for it in PHP. Can we have something like that for FreePBX? That way, we will be able to jump from one Asterisk server to another from the same web site. i.e. Imagine 10 Asterisk servers each having 100 users.
A user logs into one web address. The website will have a mapping to the server that hosts his account. The user is taken to the portal on that server - already logged in.