3

I am developing a nop commerce store (3.50). I have a requirement that the user will be redirected to the nop commerce site when he clicks on the link provided on my informative website. I want to pass the logged-in user information from that site to the nop commerce store so the user doesn't need to log in on the nop store again.

Is it possible to pass the username and password as header values when the user is redirected to the nop store, and I can programmatically set the user as logged in using those credentials from the header?

Sachin Trivedi

1 Answer

1

This actually is possible to do, though it requires some modification of the stock NopCommerce code. Since Nop.Commerce uses cookies, what you'll have to do is validate the user via AJAX, return a disposable token, and do some redirects.

Here is what I did:

1) Modify the target server to allow cross-origin requests.

2) Create a custom ActionResult in the CustomerController on the target server that verifies the user's identity via AJAX. If it's a SUCCESS, set a custom customer attribute (how you do it is how you see fit) with a one-time use security token. Return a JSON object that is SUCCESS/FAILURE back to the client. Do NOT log the user in at this step!

3) Make another custom ActionResult in the CustomerController, that passes in the user's e-mail address in the security token. If the security token matches the custom customer attribute (set in step 2), you'd want to log the user in at this junction and set a session cookie in this ActionResult. Load a blank page that has a JavaScript function to redirect the user to the customer post-sign in landing page (to make sure the cookie got set to the client's machine). THIS IS CRITICAL, MAKING SURE A PAGE LOADS AFTER SETTING THE COOKIE BEFORE REDIRECTING TO AN AUTHORIZED PART OF THE SITE.

4) Make an external login page on your remote site, where you use an AJAX call to verify the user's identity to the ActionResult created in step 2.

5) When the client gets the JSON object, if it's valid login, redirect them to the ActionResult created in step 3.

The big thing with forms authentication is that you MUST make the user visit a page on the targeted domain before the cookie is set. Doing EXTERNAL_SITE -> TARGETSITE_AUTHENTICATED_PAGE does not work. You must do EXTERNAL_SITE -> TARGETSITE_SETCOOKIE_AND_REDIRECT_PAGE -> TARGETSITE_AUTHENTICATED_PAGE.

Jeffrey Kern
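One way to implement the one-time token of steps 2 and 3, as an added example that is not code from the answer or from nopCommerce. `OneTimeLoginTokens`, its in-memory store and the sample address are hypothetical; in a real store the hash and expiry would live in the custom customer attribute the answer mentions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not nopCommerce code. The dictionary stands in for the
// custom customer attribute of step 2, keyed by the customer's e-mail address.
public sealed class OneTimeLoginTokens
{
    private sealed class Entry { public byte[] Hash; public DateTime ExpiresUtc; }
    private readonly ConcurrentDictionary<string, Entry> _pending =
        new ConcurrentDictionary<string, Entry>(StringComparer.OrdinalIgnoreCase);
    private readonly TimeSpan _lifetime;
    public OneTimeLoginTokens(TimeSpan lifetime) { _lifetime = lifetime; }

    // Step 2: call only after the credential check succeeded; the result goes in the JSON reply.
    public string Issue(string email, DateTime nowUtc)
    {
        var raw = new byte[32];                                   // 256 bits from the CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string token = BitConverter.ToString(raw).Replace("-", "");
        _pending[email] = new Entry { Hash = Sha256(token), ExpiresUtc = nowUtc + _lifetime };
        return token;                                             // only the hash stays server-side
    }

    // Step 3: true at most once per issued token; only then should the auth cookie be set.
    public bool Redeem(string email, string token, DateTime nowUtc)
    {
        Entry entry;
        // TryRemove consumes the entry on every attempt: no replay, no second guess.
        if (email == null || token == null || !_pending.TryRemove(email, out entry)) return false;
        if (nowUtc > entry.ExpiresUtc) return false;              // expired tokens are dead
        byte[] a = Sha256(token), b = entry.Hash;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];   // compare without early exit
        return diff == 0;
    }

    private static byte[] Sha256(string s) { using (var sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(s)); }

    public static void Main()
    {
        var tokens = new OneTimeLoginTokens(TimeSpan.FromMinutes(2));
        DateTime now = DateTime.UtcNow;
        string t = tokens.Issue("user@example.test", now);        // constructed sample address
        Console.WriteLine(tokens.Redeem("user@example.test", t, now.AddSeconds(5)));  // first use
        Console.WriteLine(tokens.Redeem("user@example.test", t, now.AddSeconds(6)));  // replay of the same token
    }
}
```

The token travels in the redirect of step 5, so keep its lifetime short and serve both actions over HTTPS.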