AD FS (Active Directory Federation Services) is a Windows Server component that provides Single Sign-On (SSO) and identity federation capabilities. The support for OAuth 2.0 Token Exchange (specifically the "on_behalf_of" flow) in AD FS, as of Windows Server 2016, indicated that Microsoft was moving towards adopting modern identity protocols and standards to enhance its authentication and authorization capabilities.
Will RFC 8693 Token Exchange be implemented in Windows Server 2019 AD FS?
Michael Kaare Christensen
AD FS, since Windows Server 2016, contains partial support for an early draft of OAuth 2.0 Token Exchange (on_behalf_of). The spec was finalized as RFC 8693 in January .
Is there any work ongoing to update AD FS in Windows Server 2019 to support (parts of?) the final spec, e.g. adjust parameter names and values, supporting both delegation, impersonation and exchanging SAML tokens to JWT tokens?
// Michael