You are right, the SP2007 model was a lot easier but not extensible.
Are these web applications on the same SharePoint farm?
The SharePoint STS can be shared across multiple web apps as long as they live within the same farm. You can configure your web apps and the SharePoint STS to use FBA with your custom membership/role provider.
We managed to implement a similar scenario, but webapp1 was living on SharePoint 2010/2013 and webapp2 was a standard ASP.NET app. The user logged in on webapp1 and the ticket was shared across to webapp2. The same scenario can be used to share tokens between SharePoint web apps as long as they live within the farm. (Your SharePoint STS will internally talk to your membership/role provider; however, behind the scenes a FedAuth token will be created, as your SP web apps only understand claims.)
Hope this makes sense; if not, let me know.
Gerardo Diaz
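The configuration the reply describes, as an added example that is not part of the original reply or its author's setup: register one FBA authentication provider backed by a custom membership/role provider, assign it to several web applications in the same farm, and register the same providers in the farm's single STS web.config so the STS can validate FBA credentials. Everything named below is an assumption: the provider names, the Contoso types and assembly (placeholder public key token), the two web application URLs, the SharePoint 2010 "14" hive path of the STS web.config, and a farm administrator running this in the SharePoint Management Shell.

```powershell
# Added example, not code from the reply above. Assumes a SharePoint 2010 farm
# (14 hive), the SharePoint PowerShell snap-in, and a custom membership provider
# and role provider already deployed to the GAC under the hypothetical names,
# types and assembly below. Run as a farm administrator on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$membershipName = "ContosoMembership"   # hypothetical provider name
$roleName       = "ContosoRoles"        # hypothetical provider name
$assembly       = "Contoso.Security, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0000000000000000"  # placeholder
$membershipType = "Contoso.Security.CustomMembershipProvider, $assembly"  # hypothetical type
$roleType       = "Contoso.Security.CustomRoleProvider, $assembly"        # hypothetical type

# Web applications in the farm that should share the FBA sign-in (hypothetical URLs)
$webAppUrls = @("http://webapp1.contoso.local", "http://webapp2.contoso.local")

# 1. One claims-based provider set: Windows (NTLM) alongside FBA, the latter
#    referencing the custom providers by name only.
$windowsProvider = New-SPAuthenticationProvider
$fbaProvider     = New-SPAuthenticationProvider -ASPNETMembershipProvider $membershipName `
                                                -ASPNETRoleProviderName $roleName

# 2. Apply the same providers to the Default zone of every web app in the list.
foreach ($url in $webAppUrls) {
    Set-SPWebApplication -Identity $url -Zone Default -AuthenticationProvider $windowsProvider, $fbaProvider
}

# 3. The farm's single STS validates FBA credentials, so its own web.config needs
#    the same provider entries (each web application's and Central Admin's
#    web.config need them too; only the STS file is handled here).
$stsConfig = Join-Path ${env:CommonProgramFiles} "Microsoft Shared\Web Server Extensions\14\WebServices\SecurityToken\web.config"
Copy-Item $stsConfig "$stsConfig.bak" -Force   # keep a backup before touching a farm file

[xml]$xml = Get-Content $stsConfig
$systemWeb = $xml.configuration.SelectSingleNode("system.web")
if (-not $systemWeb) {
    $systemWeb = $xml.configuration.AppendChild($xml.CreateElement("system.web"))
}

# Adds <Section><providers><add name=... type=.../></providers></Section> under
# the given parent, creating the intermediate elements if they are missing and
# leaving an existing entry with the same name untouched.
function Add-ProviderEntry {
    param([System.Xml.XmlElement]$Parent, [string]$Section, [string]$Name, [string]$Type)
    $sectionNode = $Parent.SelectSingleNode($Section)
    if (-not $sectionNode) { $sectionNode = $Parent.AppendChild($xml.CreateElement($Section)) }
    $providers = $sectionNode.SelectSingleNode("providers")
    if (-not $providers) { $providers = $sectionNode.AppendChild($xml.CreateElement("providers")) }
    if (-not $providers.SelectSingleNode("add[@name='$Name']")) {
        $add = $xml.CreateElement("add")
        $add.SetAttribute("name", $Name)
        $add.SetAttribute("type", $Type)
        # provider-specific attributes (for example connectionStringName) would be set here
        [void]$providers.AppendChild($add)
    }
}

Add-ProviderEntry -Parent $systemWeb -Section "membership"  -Name $membershipName -Type $membershipType
Add-ProviderEntry -Parent $systemWeb -Section "roleManager" -Name $roleName       -Type $roleType
$xml.Save($stsConfig)
```

The provider names passed to New-SPAuthenticationProvider must match the `name` attributes written into the web.config files exactly, since that is how the STS locates the membership and role providers at sign-in; any connection strings or other settings the custom providers depend on have to be present in the STS web.config as well, not only in the web application's.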