In order to achieve what you want then the following flow, probably modified, could work:
- Log into site1
- Upon successful login site1 cURLs site2 using HTTPS with predefined credentials to a RESTful interface
- Site2 checks the predefined credentials and creates a temporary id which is stored in the DB and responds to the cURL with the ID stored in the DB
- ^ run a cron job every minute to clear ID's older than 5 seconds
- Site1 puts the ID in the URL and redirects to Site2
- Site2 gets the ID from the DB and authenticates the user
- Site2 deletes DB entry upon authentication