In principle the solution depends on the question against what the SSO is performed.
Concerning Mendix, it does not constrain you in which protocol to use since you can override the authentication mechanism. We have an existing solution for Kerberos/ Active Directory.
For third party applications it hugely depends on the architecture of the third party application. We managed to extend our python written forum (this on) and the Confluence Wiki system.
Note: Be sure to not confuse Single Sign On with Centralized Authentication (most people do)
We use the SSO mechanisme with the SAML module from the appstore. It works in the standard and the putty cloud. SAML is used widely with a lot of other systems. Works like a charm.
Regards,
Ronald