Can an Active Directory be used as an OpenID provider? WIF is an option, but it's quite complicated and not very widespread.
Yes, you can. Just host an ASP.NET web site that itself uses Active Directory authentication, and exposes an OpenID Provider using DotNetOpenAuth.
There is also the OpenID-LDAP server, which claims to work with AD LDAP.
ADFS 4.0, available from Windows Server 2016 onwards, allows authentication using OpenID.
Or you can use Red Hat Keycloak, which leverages any LDAP or Kerberos server as a repository to be used with OIDC or even with poor man's auth SAML.
Source: https://stackoverflow.com/questions/2453769/active-directory-as-openid-provider