This sounds like Shibboleth. The SP bolts onto httpd and delivers things like user attributes as server variables that apps can simply read. It even works if httpd is a reverse proxy in front of nodejs or whatever else, since you protect the app using location directives which play nice with proxypass directives.
The opposite certainly exists though, for example simplesamlphp which gets commingled into a php app codebase as you described.
The opposite certainly exists though, for example simplesamlphp which gets commingled into a php app codebase as you described.