If I read correctly, webtree_simpleautologin authenticates using the HTTP header provided by a reverse proxy, pas.plugins.headers · PyPI does the same for Plone.
IMO using any kind of authentication in the reverse proxy (i.e. Apache) with, for example, Shibboleth, OAuth2, or for demonstration purpose the simple mod_authn_core - Apache HTTP Server Version 2.4 ... it is possible to configure webtrees and Plone behind the same reverse proxy and have an inexpensive SSO without any problems.