in reply to lwp and IFRAME

If all of the applications run on different servers, you will need at least one trusted server to maintain users' passwords for all applications (unless you can guarantee that each user uses the same username/password pair for each application).

In your case, it would make sense to have the portal be the server to maintain all of the passwords. This will allow the portal to accept user logins while requesting application content with each user's login information. A major problem with this method is that you will need to ensure that the portal (or login server) is kept informed of all user changes (new users, removed users, updated passwords) for each application.

If you have control of the applications and can modify their source code, you could move all of the authentication to a separate server. This would allow users to maintain one username/password pair for all applications, and would allow the portal to request information from applications while supplying each user's authentication information retrieved from some authentication server.

My organization is in the process of moving authentication to a separate server to allow for a portal as described by novitiate, and it seems to work well--for both end users and developers. But setting up the infrastructure is taking quite a bit of effort. I would be interested in hearing about how others have tackled this problem.