Configuring AD FS 2.0 to support client authentication in Lync Server 2013

 

Topic Last Modified: 2013-07-03

There are two possible authentication types that can be configured to allow AD FS 2.0 to support authentication using smart cards:

  • Forms-based authentication (FBA)

  • Transport Layer Security Client Authentication

Using forms-based authentication, you can develop a web page that allows users to authenticate either by using their username/password or by using their smart card and PIN. This topic focuses on how to implement Transport Layer Security Client Authentication with AD FS 2.0. For more information about AD FS 2.0 authentication types, see AD FS 2.0: How to Change the Local Authentication Type at https://go.microsoft.com/fwlink/p/?LinkId=313384.

To Configure AD FS 2.0 to Support Client Authentication

  1. Log in to the AD FS 2.0 computer using a Domain Admin account.

  2. Launch Windows Explorer.

  3. Browse to C:\inetpub\adfs\ls.

  4. Make a backup copy of the existing web.config file.

  5. Open the existing web.config file using Notepad.

  6. From the Menu bar, select Edit and then select Find.

  7. Search for <localAuthenticationTypes>.

    Note that there are four authentication types listed, one per line.

  8. Move the line containing the TLSClient authentication type to the top of the list in the section.

  9. Save and close the web.config file.

  10. Launch a Command Prompt with elevated privileges.

  11. Restart IIS by running the following command:

    IISReset /Restart /NoForce
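
The same procedure (steps 3 through 11) as a PowerShell script, for administrators who prefer a repeatable change over hand-editing in Notepad. This is an added example, not part of the original topic or a Microsoft-supplied script. It assumes that each authentication type inside <localAuthenticationTypes> is an <add name="..."> child element and that the file uses no XML namespace; check both against your own web.config before running it.

```powershell
# Added example (not from the original topic). Run from an elevated PowerShell prompt.
$configPath = 'C:\inetpub\adfs\ls\web.config'   # path from step 3

# Step 4: take a timestamped backup before touching the file.
$backupPath = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $configPath -Destination $backupPath -ErrorAction Stop

# Steps 5-7: load the file and locate the section.
# Note: XmlDocument.Save() may normalize indentation; the content is unchanged.
$xml = New-Object System.Xml.XmlDocument
$xml.Load($configPath)
$section = $xml.SelectSingleNode('//localAuthenticationTypes')
if ($null -eq $section) {
    throw "No <localAuthenticationTypes> section found in $configPath"
}

# Assumption: each authentication type is an <add name="..."/> child element.
$entries = @($section.SelectNodes('add'))
$tls = $entries |
    Where-Object { $_.GetAttribute('name') -ieq 'TLSClient' } |
    Select-Object -First 1
if ($null -eq $tls) {
    throw "No TLSClient entry found; file left unchanged (backup: $backupPath)"
}

if ([object]::ReferenceEquals($entries[0], $tls)) {
    Write-Host 'TLSClient is already first in the list; nothing to change.'
}
else {
    # Steps 8-9: PrependChild moves the existing node to the top of the section.
    [void]$section.PrependChild($tls)
    $xml.Save($configPath)

    # Print the resulting order so the change can be reviewed.
    $section.SelectNodes('add') | ForEach-Object { $_.GetAttribute('name') }

    # Step 11: restart IIS with the command from the procedure.
    & iisreset.exe /Restart /NoForce
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "IISReset exited with code $LASTEXITCODE. Backup is at $backupPath"
    }
}
```

The script stops without modifying web.config if the section or the TLSClient entry is missing, and the backup from step 4 can be copied back over web.config to revert.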