I previously wrote a blog entry regarding Liferay Sync and ways to authenticate the application even when using SSO (and not really having access to the SSO-password).

Apparently there was interest in seeing the code and hopefully using it. I published it on Github under my employer's organization (Uppsala University). 

The code is really written as a proof of concept, there are still things that would need to be changed. That being said, the code seems to work very well so its a good base to start from.

• UX. Or UI. Really. Right now it's just a clob of text, a table and a bunch of buttons
• Authentication before generating new tokens. To prevent someone hijacking your browser for 10 seconds when you're looking away thus getting a private password to your account.
• Stop validating that the expando field has been created at each access

Those are the things I could name just on top of my head. Anyway, the code is free to use and if you want, please contribute!