
I'm new to Federated Identity Management. I'm trying to understand the differences between the authentication protocols and concepts.

I understood the difference/relationship between OpenID and OAuth. However, I'm still confused about the differences between ADFS, OpenID, IDaaS and Claim-based authentication concept.

I'm looking for high level explanation.

Any help is highly appreciated.


2 Answers


Well, let me try to explain this:

  • OAuth 2 - Protocol for delegated authorization;
  • OpenID Connect (OIDC) - Protocol built over OAuth2 that allows delegated authentication; instead of my app implementing the authentication, this authentication is realized by a third party.
  • Active Directory Federation Services (ADFS) - It is not a protocol nor a framework. It is software developed by Microsoft that allows single sign-on and federation for Windows networks.
  • Claim-based is the basis of SAML and OIDC JWT tokens. These kinds of tokens have assertions about the subject (the authenticated entity) and are usually signed.

Summarizing:

  • OIDC and OAuth 2.0 are protocols. They don't dictate which or how your federation will work. OAuth2 takes place at the authorization stage and OpenID Connect at the authentication and federation phases. Any company can, with the public key exposed by the OpenID Provider, validate the ID Token and, therefore, be part of the federation.
  • ADFS is a product that allows federation based on the SAML protocol (secure but heavier than OIDC).
  • Claim-based is used in both the OIDC and SAML protocols. The tokens have information that the issuer claims to be correct about some entity. If you rely on a token issued by a third party, you become a relying party.
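To make the claim-based idea concrete, here is an added example (not part of the answer above) of both sides of the relationship it describes: an issuer that puts assertions about a subject into a signed JWT, and a relying party that will only trust those claims after checking the signature, the issuer, the audience and the validity window. It assumes an HMAC (HS256) shared secret so that it runs offline with the standard library only; a real OpenID Provider signs with a private key and the relying party fetches the matching public key from the provider's JWKS endpoint, but the claim checks are the same. All names, the secret and the claim values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url for every segment
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(claims: dict, secret: bytes) -> str:
    """Issuer side: serialise the claim set as a JWT and sign it.
    HS256 with a shared secret is an assumption for the demo; an OpenID
    Provider would normally use an asymmetric algorithm such as RS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


class TokenRejected(Exception):
    """Raised by the relying party when a token fails any check."""


def verify_id_token(token: str, secret: bytes, expected_issuer: str,
                    expected_audience: str, now=None) -> dict:
    """Relying-party side: return the claims only if every check passes."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm we configured; never let the token header pick it.
    if header.get("alg") != "HS256":
        raise TokenRejected("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise TokenRejected("signature mismatch")
    # Only after the signature is good do the claims mean anything.
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != expected_issuer:
        raise TokenRejected("issuer mismatch")
    aud = claims.get("aud")
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("audience mismatch")
    if "exp" not in claims or now >= claims["exp"]:
        raise TokenRejected("token expired")
    if now < claims.get("nbf", 0):
        raise TokenRejected("token not yet valid")
    return claims


def _outcome(check) -> str:
    try:
        check()
        return "accepted"
    except TokenRejected as err:
        return "rejected: " + str(err)


def demo() -> dict:
    """Issue one token and show which relying-party checks accept or reject it."""
    secret = b"constructed-demo-secret"          # constructed for the demo
    issuer = "https://op.example.test"            # constructed OpenID Provider
    audience = "my-relying-party"                 # constructed client id
    now = 1_700_000_000                           # fixed clock for reproducibility
    claims = {"iss": issuer, "sub": "alice", "aud": audience,
              "iat": now, "exp": now + 300}
    token = issue_id_token(claims, secret)
    results = {"valid": verify_id_token(token, secret, issuer, audience, now=now)["sub"]}
    # A token whose payload was changed after signing must fail the signature check.
    header_b64, payload_b64, sig_b64 = token.split(".")
    edited = json.loads(_b64url_decode(payload_b64))
    edited["sub"] = "someone-else"
    modified = ".".join([header_b64,
                         _b64url_encode(json.dumps(edited, separators=(",", ":")).encode()),
                         sig_b64])
    results["modified"] = _outcome(lambda: verify_id_token(modified, secret, issuer, audience, now=now))
    # A valid token presented to a different relying party must be refused.
    results["wrong_audience"] = _outcome(lambda: verify_id_token(token, secret, issuer, "other-app", now=now))
    # The same token after its exp claim must be refused.
    results["expired"] = _outcome(lambda: verify_id_token(token, secret, issuer, audience, now=now + 600))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The order of the checks is the point: the signature is verified before any claim is read, so nothing inside the payload influences the decision until the issuer has been confirmed as its author, and the audience check is what stops a token minted for one relying party from being accepted by another.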

Just to expand.

When you said OpenID, did you mean that or did you mean OpenID Connect? They are two different protocols and OpenID is very rarely used these days.

ADFS 4.0 (Server 2016) is the only ADFS that has full OpenID Connect / OAuth support (i.e. all four profiles).

Only ADFS 4.0 can use LDAP v3.0 and above for authentication. On earlier versions you have to use AD.

Also SAML and WS-Fed normally use SAML tokens not JWT ones.

Just to point out, ADFS also supports WS-Federation.