A customer had three webapps. The set of users for each webapp is different. So, they don't want single signon behavior. They do want HttpSessionReplication to take care of the credentials so that the user doesn't need to sign on when redirected to another server. It was found that we needed to enable clustered single signon to get this to work.