ADFS does not pass credentials.
In order to achieve Single Sign-On for an internal application, you will need to:
- Configure the application to use Federation and to point/redirect to ADFS for authentication.
- Configure a Relying Party Trust for the application in ADFS.
- Confirm that Windows Integrated Authentication is configured on the primary authentication policy.
- Confirm that the ServicePrincipalName of the farm is set on the service account and only on the service account.
- Make sure the client is domain joined and has the URL of the ADFS server (not the application) in either the Trusted Site List or the Intranet Site List.
- Make sure the user agent string of the browser is listed in the list of supported user agent strings for Windows Integrated Authentication (example for Chrome available here: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia#configuring-wia-for-chrome).
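
One way to verify the server-side items of this checklist from an elevated PowerShell session on an AD FS server (an added example, not part of the original answer). The trust name `InternalApp` and the sample user agent string are placeholders, and the plain substring comparison is an assumption about how AD FS matches user agents.

```powershell
# Assumptions: run on an AD FS farm node with the ADFS module available.
$rpName   = 'InternalApp'   # hypothetical Relying Party Trust name
$sampleUA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'   # constructed sample

# 1. The Relying Party Trust exists and is enabled.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, Enabled, Identifier

# 2. Windows Integrated Authentication is a primary intranet method.
$policy = Get-AdfsGlobalAuthenticationPolicy
if ($policy.PrimaryIntranetAuthenticationProvider -contains 'WindowsAuthentication') {
    'WIA is enabled for intranet primary authentication'
} else {
    Write-Warning 'WIA is NOT enabled for intranet primary authentication'
}

# 3. The farm SPN is registered on the service account, and only there.
#    Each query should return exactly one account: the AD FS service account.
$farmName = (Get-AdfsProperties).HostName
setspn -Q "HOST/$farmName"
setspn -Q "HTTP/$farmName"
setspn -X    # reports duplicate SPNs, which break Kerberos

# 4. The browser's user agent string matches a supported WIA entry.
$wiaAgents = (Get-AdfsProperties).WIASupportedUserAgents
$hits = $wiaAgents | Where-Object { $sampleUA.Contains($_) }
if ($hits) {
    "User agent matched: $($hits -join ', ')"
} else {
    Write-Warning 'No WIA entry matches this user agent; the client will get forms-based authentication'
}
```

The client-side items (domain join and the zone assignment of the ADFS URL) still have to be checked on the workstation itself.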