What is version of vsphere are you currently using? SSO 5.1 is pain to deal with and scale, you best option would be to go SSo 5.5 as this is backward compatible and it is much simpler to design. Watch this session from VMworld 2013, really really https://www.youtube.com/watch?v=-iiyKJGC018 - they talk about how to design your sso for scale from (17min onwards.)
When to Centralize vCenter Single Sign-On Server 5.5 | VMware vSphere Blog - VMware Blogs