查看联合服务器代理在资源伙伴中的角色Review the Role of the Federation Server Proxy in the Resource Partner

Active Directory 联合身份验证服务 AD FS 中的联合服务器 ( 代理 ) 可在以下一个或多个角色中工作,具体取决于你如何配置服务器来满足资源伙伴组织的需求:A federation server proxy in Active Directory Federation Services (AD FS) can function in one or more of the following roles, depending on how you configure the server to meet the needs of the resource partner organization:

  • 帐户伙伴发现:Internet 客户端计算机必须确定将对其进行身份验证的帐户伙伴。Account partner discovery: An Internet client computer must identify which account partner will authenticate it. 客户端使用帐户伙伴发现 Web 窗体 discoverclientrealm.aspx 查找帐户伙伴 ( ,该窗体 ) 存储在资源伙伴中的联合服务器代理上。The client finds the account partner by using an account partner discovery Web form (discoverclientrealm.aspx), which is stored on the federation server proxy in the resource partner. 如果在 AD FS 管理 "管理单元中配置了多个帐户伙伴 - ,则会向客户端显示一个下拉菜单,其中 - 包含对访问帐户伙伴发现 Web 窗体的 Internet 客户端计算机可见的所有可用帐户伙伴。If more than one account partner is configured in the AD FS Management snap-in, a drop-down menu appears to the client with all the available account partners that are visible to Internet client computers that access the account partner discovery Web form. 你可以通过自定义 discoverclientrealm.aspx 文件来更改帐户伙伴发现 Web 窗体对客户端计算机的呈现方式。You can change how the account partner discovery Web form is presented to client computers by customizing the discoverclientrealm.aspx file.

  • 安全令牌重定向:帐户伙伴中的联合服务器代理将安全令牌发送给资源伙伴。Security token redirection: The federation server proxy in the account partner sends the security tokens to the resource partner. 资源联合服务器代理接受这些令牌并将它们传递给资源伙伴中的联合服务器。The resource federation server proxy accepts these tokens and passes them on to the federation server in the resource partner. 然后,资源联合服务器颁发一个与特定资源 Web 服务器绑定的安全令牌。The resource federation server then issues a security token that is bound for a specific resource Web server. 然后,资源联合服务器代理会将该令牌重定向到客户端。The resource federation server proxy then redirects the token to the client.

总而言之,资源联合服务器代理通过将客户端计算机重定向到可以对客户端进行身份验证的联合身份验证服务器,来简化联合登录过程。To summarize, a resource federation server proxy facilitates the federated logon process by redirecting client computers to a federation server that can authenticate the clients. 资源联合服务器代理也充当资源联合服务器的客户端安全令牌代理。A resource federation server proxy also acts as a proxy for client security tokens to resource federation servers.

备注

如果需要帮助减少硬件和所需证书的数量,联合服务器代理可以与 Web 服务器位于同一台计算机上。When it is necessary to help reduce the amount of hardware and the number of required certificates, the federation server proxy can be located on the same computer as the Web server.

另请参阅See Also

Windows Server 2012 中的 AD FS 设计指南AD FS Design Guide in Windows Server 2012