Workload identity federation supports OpenID Connect, so it should be compatible with AD FS. But until recently, workload identity federation didn’t work with AD FS-issued access tokens – only ID tokens worked properly. What was the issue there? For ID tokens, OpenID Connect is pretty specific about their format: they need to be JSON Web Tokens (JWTs), they must contain certain claims, and they must satisfy certain rules to be considered valid. In contrast, OpenID Connect is pretty lax ab...