EWS and Federated Authentication
Many are joining enjoying the benefits of federated authentication with OWA. However, with EWS they find that they cannot use federated authentication. EWS can use Basic, NTLM and oAuth for authentication. EWS does not support things like SAML tokens, etc. There is also no developer support for changing authentication token credentials programmatically – such as using an ISAPI filter. I'm pointing this out for clarity and how things are at the time of this post. I don't know if anything will change in this area in the future.
OAuth may be the closest thing to federated authentication. Below is a link which covers the supported types of authentication.
Authentication and EWS in Exchange
https://msdn.microsoft.com/en-us/library/office/dn626019(v=exchg.150).aspx
EWS Impersonation can be used in some situations where a developer might use federated authentication with EWS – if it supported it. So, please review at the links below.
How to: Configure impersonation
https://msdn.microsoft.com/en-us/library/office/dn722376(v=exchg.150).aspx
How to: Configure impersonation (2013)
https://msdn.microsoft.com/en-us/library/office/dn722376(v=exchg.150).aspx
Configuring Exchange Impersonation in Exchange 2010
https://msdn.microsoft.com/en-us/library/office/bb204095(v=exchg.140).aspx
Exchange Impersonation vs. Delegate Access https://blogs.msdn.com/b/exchangedev/archive/2009/06/15/exchange-impersonation-vs-delegate-access.aspx
Here are some additional links which may help:
Getting started with EWS https://blogs.msdn.microsoft.com/webdav_101/2015/05/03/getting-started-with-ews/
Best Practices: EWS Managed API coding for Exchange
https://blogs.msdn.microsoft.com/webdav_101/2016/04/12/ews-managed-api-coding-for-exchange/
About: Exchange Web Services (EWS)
https://blogs.msdn.com/b/webdav\_101/archive/2015/05/03/getting-started-with-ews.aspx
Best Practices – EWS Authentication and Access Issues
https://blogs.msdn.microsoft.com/webdav_101/2015/05/11/best-practices-ews-authentication-and-access-issues/