in reply to CGI server module?
What I would generally do is this:
First, shove the entire authentication/authorization problem off to LDAP (OpenDirectory), where it properly belongs in any organization of any size. :-) Apache/Nginix can interrogate those credentials to grant or to deny access on a site-basis. (It can also make the user’s authenticated identity and authorized credentials known to the web application.) IIS is especially good at this.
Second, use redirects to send the user to a locally-defined destination such as, say, www.appname.mycompany.com. Or some appropriate intra-net location. Set up each application, more or less as-is, in each place.
Yeah, you’re darn right ... you passed the buck.