Hello Mohammad,
I wanted only to provide info about the topic "connecting AD with AS JAVA".
My colleague Dimitar Mihaylov already proposed a proper document to you regarding your scenario. In his post to you Dimitar mentioned a very good document describing recommended by SAP architecture for Fiori implementation and specially securing Fiori scenarios for mobile usage with our SAP Single Sign-On product.
This is from his post above:
".....A similar setup is shown in scenario 3 of the following blog: http://scn.sap.com/community/sso/blog/2015/05/22/stronger-security-for-your-business-data-at-risk, where SAP Web Dispatcher = Reverse Proxy, SAP SSO = Portal / IDP, Gateway = ERP"
Regards,
Donka Dimitrova