How did you solve this?
This post describes a method I am about to attempt: Java / Oracle SOA blog: SSO with WebLogic 10.3.1 and SAML2</title><link type='text/css' rel='stylesheet' href='…
The trick is to add a listener (javax.servlet) to the APEX listener that takes the username from the principal (java.security.Principal) and "injects it" as a header. Then in the APEX application you just need to use the "HTTP Header Variable" security schema. In this one you will look for the header that you inject it before.
In your filter just extend HttpServletRequestWrapper implementing the getHeader methods.