You can come in with OpenID Connect and a JWT token and exit with SAMLp and a SAML token.
The same kind of thing happens with Azure AD where you have a federated tenant using ADFS for the authentication.
The user accesses a .NET application that uses the OWIN OpenID Connect stack to connect to AAD.
If you are wondering about the "domain_hint" see here: Using Azure AD to land users on their custom login page from within your app
AAD sees that this is a federated tenant and hands off to ADFS. The default for the Microsoft stack is WS-Fed.
So AAD has done a protocol conversion from OpenID Connect / OAuth (oauth2/authorize) to WS-Fed (wa=wsignin1.0).