First I am new to the topic ADFS. The goal is a Single-Sign-On authentication for Java-based Web-applications on Win2012R2.
When a user opens the browser, he will get a token from the Security-Token-Service. With this token and included claims (?) he should be able to log on to the web application.
1.) Are the claims packed into the security tokens?
2.) Can the application developer read this tokens? For adapting information from these claims into the application?
"The goal is a Single-Sign-On authentication for Java-based Web-applications on Win2012R2."
How to do intend to do this? Are you using a WS-Fed or SAML Java stack?
Yes - claims configured in the ADFS claims rules are in the token.
Yes - in .NET, WIF / OWIN has classes to do this, The same will be true for the Java stack.
Update
Spring SAML will work. Other options here : SAML : SAML connectivity / toolkit
Used the .NET version of ADAL - works well.
Beware: ADFS 3.0 does not support OpenID Connect and only supports the authorization code grant.
