I am able to achieve Single Sign-On with ADFS in java web application (not in Spring) using Spring Saml Extension. I just went through this post. It says:
For Indirect Options... deploy SAML SP as another application on your container (e.g. Spring SAML or OpenAM) and make it communicate with your application - so SAML SP performs authentication with ADFS and communicates this to your application e.g. through a shared cookie, or a custom token
What do we need to do exactly? As I understand, this is Browser-based SSO, where each web application needs to use the Spring saml plugin to interact with ADFS. Please correct me If I am wrong. How can we pass the SAML token from one SP to multiple applications?
the mentioned post actually mixes standards-based WebSSO (SAML) with proprietary WebSSO (e.g. OpenAM). There no SAML assertion is passed to the other WebApps but WebSSO is achieved differently. In case of OpenAM this is achieved via an SSO tracking cookie.
You are corect , when using SAML only every application has to act as a SAML SP (e.g. implemented with Spring Security SAML extension for Java-based webapps or simpleSAMLPHP for PHP-based webapps).
Alternatively you could deploy all the other apps behind an HTTP reverse-proxy, where the reverse-proxy acts as a SAML SP (e.g. OpenIG)