Currently looking to federate servers that use AD. First thought was to use ADFS to manage service requests across domains and realms. That being said the application must have access to Kerberos tickets for a specific use case.
Does AD FS use Kerberos at any point or is it it's own totally redesigned ticketing system? If so can you create a hybrid application that can authenticate using ADFS and request tickets using Kerberos?
ADFS simply provides a federation service on top of AD i.e. support for protocols like WS-Fed and SAML.
The Kerberos protocol remains part of AD.
Once authenticated ADFS provides either a SAML 1.1 or 2.0 token that contains the claims.