Azure AD & ADSF
If it helps, we have Azure AD working with our internal AD (we use Office365). We configured DirSync from local AD to Azure AD. Having this in-place, we now create an Azure app that authenticates via OAuth. It does require Azure Active Directory Premium (there is a 30-day free trial available).
Some additional options:
- Add Web Application Proxy (WAP) server as a reverse proxy in their DMZ: https://technet.microsoft.com/en-us/library/dn280944(v=ws.11).aspx
- Azure Active Directory Proxy (requires Azure Active Directory): https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-get-started/
- Hybrid:
Enabling OAuth in ADFS: https://technet.microsoft.com/en-us/library/dn479350(v=wps.630).aspx