Thursday, July 12, 2007

Configuring SSO in MOSS 2007

Here is another thing that took me a long time to figure out. This was never mentioned in any books, nor was there any information available online.

When configuring SSO (Single Sign-On) for MOSS 2007, it is best to create a separate account to run this service.

Under Operations > Manage Settings for Single Sign-On > Manage Server Settings you put in all the accounts that will run this service. After all the correct information is put in and you are sure all the accounts have been created and set up properly, clicking OK should finish it off. But nope, it keeps giving you an error message saying it cannot use the account or something along those lines. I can't remember exactly. But the key here is that when you press OK, you can see the browser try to connect to http://localhost/something/something/

Until you add http://localhost to the trusted sites in your Internet browser, it will keep giving you that message.
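One way to script that trusted-sites change for Internet Explorer, as an added example that is not part of the original post. It assumes the mapping is made per user under HKCU, for the account that opens Central Administration, and that the `IEHarden` value is what signals IE Enhanced Security Configuration on the server.

```powershell
# Added example: map http://localhost to the Trusted sites zone for the
# current user's Internet Explorer profile, and only for the http scheme.
$zoneMap     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$trustedZone = 2   # 0=My Computer, 1=Local intranet, 2=Trusted sites, 3=Internet, 4=Restricted
$hostName    = 'localhost'
$scheme      = 'http'

# When IE Enhanced Security Configuration is on, IE reads site-to-zone
# mappings from EscDomains instead of Domains (assumption: IEHarden = 1).
$harden = (Get-ItemProperty -Path $zoneMap -ErrorAction SilentlyContinue).IEHarden
if ($harden -eq 1) { $branch = 'EscDomains' } else { $branch = 'Domains' }
$siteKey = Join-Path (Join-Path $zoneMap $branch) $hostName

# Read the current mapping first so the change is visible and repeatable.
$current = $null
if (Test-Path $siteKey) {
    $current = (Get-ItemProperty -Path $siteKey).$scheme
}
Write-Output "Branch in use: $branch; current zone for ${scheme}://${hostName}: $current"

if ($current -ne $trustedZone) {
    if (-not (Test-Path $siteKey)) {
        New-Item -Path $siteKey -Force | Out-Null
    }
    # The value name is the scheme and the DWORD data is the zone number.
    New-ItemProperty -Path $siteKey -Name $scheme -Value $trustedZone `
        -PropertyType DWord -Force | Out-Null
    Write-Output "Mapped ${scheme}://${hostName} to zone $trustedZone"
}

# Read back what IE will actually see.
$after = (Get-ItemProperty -Path $siteKey).$scheme
Write-Output "Zone for ${scheme}://${hostName} is now $after"
```

Run it as the same account that will press OK on the Manage Server Settings page, then restart the browser before retrying.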

Amazing, how no books or any material online could be found on this.

When configuring an account for SSO, it is best to use a security group when entering it in. This makes things much more flexible. Create an SSO admin account and make that account a member of the SSO Administrators group, for example.

