Provide login_hint fordwarding for ws-saml protocol and from ws-saml to ws-fed protocal

Change Get-ADFSAccountActivity to return all users in ADFS Activity database, like supporting a -All parameter. Then users can be searched using powershell of users that have triggered lockout or failed given amount of times. Currently users have to be retrieved one by one which is tedious at best

Not being able to specify primary authentication method per relying party is something I run into all the time. Can you please fix this? More and more vendors support SAML-based authentication and ADFS but none of them have a way of requesting Certificate Authentication as a primary authentication method. I do not want to change this on a global level, because we have other relying parties which use WIA. I'm guessing you have everything you need for this already, please fix!

Support other methods using MFA for Primary Authentication, based on what the user's preferences are (as setup in aka.ms/mfasetup)

ADFS + Azure SQL Managed Instances Supportability

Add supportability for extend AD FS in Azure using Azure SQL Managed Instance to host the database.

compte 0005859947 63 touggourt30002 algeria ccp

My customer experienced several outage during ADFS Toke Signing and Token Decryption certificates automatically renewing. Thus , they really hope that Microsoft PG can add alert functionality , if AutoCertificateRollover is true , when those two certificates are issued automatically by system and before promoted to Primary Certificates , will send alerts

When logging in through ADFS forms-based authentication, the user is only prompted to enter their credentials, they aren't given any way to know when the last time they did so was was. Many web sites offer this feature to allow a user to know when, from where, and from which device they last logged in to they can report any anomalies to the powers that be. ADFS should have such a feature.

Allow rps to specify a saml <Subject>. When the rp knows the user adfs could then pre populate the username field on the login page.

Would improve user experience a lot if AD FS would support inline user provisioning for Azure MFA. This is so inconvenient that users should do this separately, and not in app.
E.g. Microsoft Intune has this integrated in provision process.

Also error message for this is not provisioned users is too general and not informative at all.

More info in paragraph "Registering users for Azure MFA with AD FS 2016"
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa

we need a comprehensive syntax and semantics reference for Claims Rule Language. I know there are operators besides == ~= EXIST and such, which are not covered here. and this link is by far the most comprehensive which is available:
http://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx

Right now in Windows Server 2012 R2 you are required to run present Domain Admin credentials while installing. This is not an option when AD FS and AD DS are supported by separate teams - it exposes domain admin credentials to persons which are not allowed to know them.
This was not a case for AD FS 2.0 - please remove the need of DA privileges to be entered at AD FS server.

Please add support to use SQL Azure as DB. Would open up some easy HA scenario deployments for ADFS.

Add the setting of ACL for domain join to "New-ADComputer" cmdlet.

In MMC it is possible to create an Computer AD Account and set "The following user or group can join this computer to a domain"

Would be nice to have it in New-ADComputer

It would be nice, if we cound put some custom text/links on the password change page that is shown to the users after they change their password.

AD FS currently only supports single Entity Metadata files, which works well for local applications, but works not for federation with InCommon, SWITCH, DFN, etc.
It would be good to see support for multi Entity Metadata files, to get a real interoperable product.