Actually I built a single sign on system for a Rails app and a WordPress site many years ago, based on Devise and probably (can't remember) some PHP code on WP. Probably also a Rails+phpBB SSO. They were meant to be short lived services and luckily they did. The reason is that in a mixed language / framework environment it's better to have some centralized authentication and authorization service and a standard API to access it. Having to write and maintain N adapters is going to take a toll on the development team. However I never self hosted a service like that so I don't want to give any suggestions about what to use.