For anything that deals with logins a server-side solution is more secure and compatible (i.e. if they don’t have JS enabled, they still get the pared-down version). It’s also generally safer to use existing functionality with plugins sprinkled in sparingly so that others who keep up with Core modifications can maintain the code.
You could handle 3 out of 4 of these methods server-side with WP’s built-in login system: each user has an email address (use the one from the legacy system), a username (use the one from the other legacy system), and an id (use one from one of the other legacy systems – as long as you’re careful you can change the one WP assigns to another number, you just have to change the usermeta table as well, and if any are authors, make sure to change the author id in the wp_posts table).
If any of the legacy systems are routed through or could be retrofitted to provide a single sign-on service, there are also WordPress SSO plugins that allow people to log in with CAS, LDAP, Google, etc. So you might be able to handle the fourth scenario that way, and not have to custom code anything you would have to continue to maintain yourself.