Most of the MindTouch sample code available in the wild is in PHP or C# so integrating with a Java stack can be painful. Here's a snip of the code we used to support SSO with our Java-based SaaS platform. The HttpClient framework is version 4.1 of Apache's HttpClient
Update: Modified to skip Cookie parsing based upon bjorg's comment
private boolean parseAndSetMindtouchCookie(final HttpServletResponse response,final DefaultHttpClient client,final User user) { StringBuffer buf = new StringBuffer("http://"); buf.append(this.MINDTOUCH_HOST).append(this.MINDTOUCH_BASEURI).append("users/authenticate?authprovider=1&apikey=").append(MINDTOUCH_APIKEY); HttpGet get = new HttpGet(buf.toString()); try { ResponseHandler<String> responseHandler = new BasicResponseHandler(); String responseBody = client.execute(get, responseHandler); javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("authtoken", responseBody); cookie.setDomain(".example.com"); cookie.setSecure(false); cookie.setPath("/"); cookie.setMaxAge(3600); // 1 hour response.addCookie(cookie); log.debug("Successfully set mindtouch auth cookie"); response.sendRedirect("http://"+MINDTOUCH_HOST); return true; }catch(HttpResponseException hre){ if(hre.getStatusCode() == HttpStatus.SC_UNAUTHORIZED ){ log.debug("User has no Mindtouch account."); }else{ log.error("Unable to auth user.",hre); } } catch (Exception e) { log.error("Unable to authenticate user",e); } return false; }