Check out the gatekeeper package - it passes the http request through to external applications and applies openacs security features. It does not provide a way to inform the external app about the currently logged in user though, it just allows or disallows access.