Hi Cynthia,
as a dummy login I thought of a local user (inserted into the sas users group), with only the right to read and execute the SAS Stored Process (so that none could ever do any damage with that kind of user).
What I've found is that I can pass in the GET request for the SAS Stored Process Web Application the variables _USERNAME and _PASSWORD (pwencoded)...my basic idea is to try to build a simple servlet, which will call the SAS Stored Process url, pass (possibly in the POST instead of the GET) the authentication parameters, and then show the XHTML flow generated by the SAS Stored Process...
That should work, IMHO...