amazon-web-services amazon-iam federated-identity

AWS access keys and federation


If an application runs in a corporate data center (i.e. outside of the AWS environment) and uses corporate credentials from its on-premises Microsoft Active Directory as the sign-in mechanism, would that application be able to federate into AWS programmatically (i.e. use AWS federation, programmatically) and access AWS resources via a role? I am trying to find out if this can be considered as an approach to avoid using access keys (access key ID and secret access key) within an application running outside of the AWS environment.


Solution

  • You are probably looking for AWS Identity Pools, where you can integrate with custom identity providers and then exchange them for AWS credentials. Have a look at https://docs.aws.amazon.com/cognito/latest/developerguide/getting-started-with-identity-pools.html
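
One way the exchange can look in code, as an added example that is not part of the original answer. It assumes the Active Directory is exposed through a SAML identity provider registered on the identity pool; how the application obtains the assertion is out of scope, and every ID, ARN and credential value below is a placeholder.

```python
"""Added example: exchange a SAML assertion for temporary AWS credentials
through a Cognito identity pool. All IDs, ARNs and values are placeholders."""
import base64
from datetime import datetime, timedelta, timezone


def unsigned_cognito_client(region):
    """Real client. GetId and GetCredentialsForIdentity are unsigned calls,
    so the application needs no access key to make them."""
    import boto3  # imported lazily so the offline stub run needs no SDK
    from botocore import UNSIGNED
    from botocore.config import Config
    return boto3.client("cognito-identity", region_name=region,
                        config=Config(signature_version=UNSIGNED))


def exchange_saml(cognito, pool_id, saml_provider_arn, assertion_b64):
    """Return short-lived credentials for the identity behind the assertion."""
    base64.b64decode(assertion_b64, validate=True)  # fail early on a mangled assertion
    logins = {saml_provider_arn: assertion_b64}     # key: provider ARN, value: assertion
    identity_id = cognito.get_id(IdentityPoolId=pool_id, Logins=logins)["IdentityId"]
    creds = cognito.get_credentials_for_identity(
        IdentityId=identity_id, Logins=logins)["Credentials"]
    return {"aws_access_key_id": creds["AccessKeyId"],
            "aws_secret_access_key": creds["SecretKey"],
            "aws_session_token": creds["SessionToken"],
            "expiration": creds["Expiration"]}


def needs_refresh(creds, now=None, margin=timedelta(minutes=5)):
    """True when the credentials expire within `margin`; re-run the exchange then."""
    now = now or datetime.now(timezone.utc)
    return creds["expiration"] - now <= margin


class StubCognito:
    """Constructed stand-in for the service so the example runs offline."""
    def __init__(self):
        self.calls = []
    def get_id(self, **kw):
        self.calls.append(("get_id", kw))
        return {"IdentityId": "REGION:EXAMPLE-IDENTITY-ID"}
    def get_credentials_for_identity(self, **kw):
        self.calls.append(("get_credentials_for_identity", kw))
        return {"Credentials": {
            "AccessKeyId": "ASIAEXAMPLE", "SecretKey": "example-secret",
            "SessionToken": "example-token",
            "Expiration": datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc)}}
```

The returned dictionary uses the keyword names `boto3.Session` accepts, apart from `expiration`, which the caller keeps for the refresh check.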