Will RFC 8693 Token Exchange be implemented in Windows Server 2019 AD FS?

Michael Christensen 6 Reputation points
2020-03-01T15:32:24.333+00:00

AD FS, since Windows Server 2016, contains partial support for an early draft of OAuth 2.0 Token Exchange (on_behalf_of). The spec was finalized as RFC 8693 in January.

Is there any work ongoing to update AD FS in Windows Server 2019 to support (parts of?) the final spec, e.g. adjust parameter names and values, supporting both delegation, impersonation and exchanging SAML tokens to JWT tokens?

// Michael

Microsoft Security | Active Directory Federation Services

1 answer

  1. Vahid Ghafarpour 23,385 Reputation points Volunteer Moderator
    2023-08-25T04:22:46.1233333+00:00

    AD FS (Active Directory Federation Services) is a Windows Server component that provides Single Sign-On (SSO) and identity federation capabilities. The support for OAuth 2.0 Token Exchange (specifically the "on_behalf_of" flow) in AD FS, as of Windows Server 2016, indicated that Microsoft was moving towards adopting modern identity protocols and standards to enhance its authentication and authorization capabilities.

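The parameter differences the question refers to, as an added example that is not part of the thread and not Microsoft's code: a Python check that tells a draft-style on_behalf_of token request from an RFC 8693 token exchange request and validates the RFC 8693 parameters. The on_behalf_of request shape (JWT bearer grant with `assertion` and `requested_token_use=on_behalf_of`) is assumed from Microsoft's published OBO flow, and the function name, the strict token-type allow-list and the sample request are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode

# Grant type and token-type identifiers defined by RFC 8693.
TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"
TT = "urn:ietf:params:oauth:token-type:"
TOKEN_TYPES = {TT + t for t in
               ("access_token", "refresh_token", "id_token", "saml1", "saml2", "jwt")}
# Assumption: the on_behalf_of flow rides on the JWT bearer grant (RFC 7523).
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def classify_token_request(body: str) -> dict:
    """Classify a form-encoded token request and list what is wrong with it."""
    raw = parse_qs(body, keep_blank_values=True)
    problems = [f"parameter {k!r} repeated" for k, v in raw.items() if len(v) > 1]
    p = {k: v[0] for k, v in raw.items()}
    grant = p.get("grant_type", "")
    if grant == JWT_BEARER and p.get("requested_token_use") == "on_behalf_of":
        # Draft-era shape: token carried in `assertion`, no token-type parameters.
        if not p.get("assertion"):
            problems.append("assertion missing")
        return {"flavor": "on_behalf_of", "mode": None, "problems": problems}
    if grant != TOKEN_EXCHANGE:
        return {"flavor": "other", "mode": None, "problems": problems}
    # RFC 8693 section 2.1: subject_token and subject_token_type are REQUIRED.
    for name in ("subject_token", "subject_token_type"):
        if not p.get(name):
            problems.append(f"{name} missing")
    # actor_token_type is required with actor_token and must not appear without it.
    if bool(p.get("actor_token")) != bool(p.get("actor_token_type")):
        problems.append("actor_token and actor_token_type must appear together")
    # Example policy: accept only the identifiers RFC 8693 itself defines.
    for name in ("subject_token_type", "actor_token_type", "requested_token_type"):
        if p.get(name) and p[name] not in TOKEN_TYPES:
            problems.append(f"{name} not in allow-list: {p[name]}")
    # An actor token means the client asks for delegation; without one, impersonation.
    mode = "delegation" if p.get("actor_token") else "impersonation"
    return {"flavor": "rfc8693", "mode": mode, "problems": problems,
            "subject_token_type": p.get("subject_token_type"),
            "requested_token_type": p.get("requested_token_type")}


# Constructed sample: a SAML 2.0 assertion exchanged for a JWT (placeholder token value).
SAMPLE_SAML_TO_JWT = urlencode({
    "grant_type": TOKEN_EXCHANGE, "subject_token": "PHNhbWw-",
    "subject_token_type": TT + "saml2", "requested_token_type": TT + "jwt"})
```

A resource server or gateway in front of the token endpoint can log the returned `flavor` and `mode` to see which clients still send the draft-style request and which ask for delegation.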
