Interop methods quick summary:
ldap client+AD
Nisclient+Nis domain (SFU)
Centrify client+AD ==> I recommend Centrify:
Single sign-on JAVA with AD:
Before jumping into implementation and configurations it is good to know some common keywords /jargons used on single-sign-on technique.
Kerberos –
Active Directory –
how kerberos works (Web server and AD):
The Web Server has to hand-shake with browser to obtain kerberos token. The token can be validated against keytab file ( or connecting through Active Directory.

The below diagram explains how the handshake happens between browser and webserver to obtain kerberos token for authentication.