Configure trust for search between two SharePoint Server farms

Summary: Configure a SharePoint Server 2016 or SharePoint Server 2013 content farm that receives search queries to trust the SharePoint Server 2016 or SharePoint Server 2013 farm that sends the queries.

To configure an on-premises SharePoint Server content farm to return results from its search index to a separate on-premises SharePoint Server farm, you must perform the following two main procedures:

  1. In the farm that will receive the search queries, configure trust of the farm that will send the queries by doing the following:

    • Configure a server-to-server trust relationship by using the Open Authorization 2.0 (OAuth 2.0) web authorization protocol.

    • Enable the farm that receives the queries to return search results from all of its web applications that host content.

  2. In the farm that will send the search queries, create a result source that does each of the following:

    • Specifies Remote SharePoint as the protocol.

    • Specifies the address of any root site collection in the SharePoint Server farm that will receive the search queries.

    For more information, see Configure result sources for search in SharePoint Server.

    Note

    After you create the result source, you expose the search results that it provides by using it in a Web Part or a query-rule action. In this way, users of the farm that is sending search queries can see results from the farm that is receiving the queries. For more information, see Understanding result sources for search in SharePoint Server.

This article describes how to perform the first procedure in the list above: how to configure the farm that receives search queries to trust the farm that sends the queries.

For brevity in this article, the following terms are used:

SendingFarm: An on-premises SharePoint Server farm that has a search service that sends search queries to ReceivingFarm.
ReceivingFarm: An on-premises SharePoint Server content farm that has a search index that receives search queries from SendingFarm. In this article, it is assumed that ReceivingFarm has at least one web application that hosts content.

In order for SendingFarm to be able to get search results from the search index in ReceivingFarm, the farms must have the following characteristics:

Note

Because SharePoint Server runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint Server supports the accessibility features of supported browsers. For more information, see the following resources:

To configure ReceivingFarm to trust SendingFarm

  1. Verify that the account that performs this procedure is a member of the following groups:

    • Farm Administrators group in ReceivingFarm.

    • Administrators group on the server on which you are running Microsoft PowerShell cmdlets.

      An administrator of that server can use the Add-SPShellAdmin cmdlet to grant someone permission to use SharePoint Server cmdlets. When you run the Add-SPShellAdmin cmdlet, you must have membership in the securityadmin fixed server role on the SQL Server instances, and you must have membership in the db_owner fixed database role on all databases that are to be updated. For more information, see Add-SPShellAdmin. Contact your system administrator or SQL Server administrator to request these memberships if you do not have them.

  2. On a server in ReceivingFarm, start the SharePoint Management Shell.

    • For Windows Server 2008 R2:

      In the SharePoint Server environment, on the Start menu, click All Programs, click SharePoint 2016, and then click SharePoint Management Shell.

    • For Windows Server 2012:

      • In the SharePoint Server environment, on the Start page, click SharePoint Management Shell.

      • If SharePoint Management Shell is not on the Start page, right-click Computer, click All apps, and then click SharePoint Management Shell.

      For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. On a server in ReceivingFarm, run the following commands at a PowerShell command prompt. The commands use the OAuth 2.0 web authorization protocol to configure a server-to-server trust, so that ReceivingFarm will trust SendingFarm.

    # Create a trusted security token issuer
    $i = New-SPTrustedSecurityTokenIssuer -Name "SendingFarm" -IsTrustBroker:$false -MetadataEndpoint "https://<SendingFarm_web_application>/_layouts/15/metadata/json/1"
    # Configure trust of the token-signing certificate
    # by adding the trust used to sign OAuth tokens
    # to the list of trusted root authorities
    # in ReceivingFarm
    New-SPTrustedRootAuthority -Name "SendingFarm" -MetadataEndPoint "https://<SendingFarm_web_application>/_layouts/15/metadata/json/1/rootcertificate"
    

    Where:

    https://<SendingFarm_web_application> is any SSL-enabled web application in SendingFarm.

    Important

    Web applications that include server-to-server authentication endpoints for incoming server-to-server requests, or that make outgoing server-to-server requests, should be configured to use Secure Sockets Layer (SSL). For information about how to configure a web application to use SSL, see Create claims-based web applications in SharePoint Server. For information about how to configure HTTP support for server-to-server requests, see Configure server-to-server authentication between SharePoint Server farms in Configure server-to-server authentication in SharePoint Server.

  4. On a server in ReceivingFarm, at a PowerShell command prompt, run the following command:

    # Split $i.NameId at the "@" character;
    # $realm[1] is the string that comes after the "@"
    # and is used as the realm in step 5
    $realm = $i.NameId.Split("@")
    
  5. On a server in ReceivingFarm, at a PowerShell command prompt, run the following commands to enable all web applications in ReceivingFarm to return search results to SendingFarm:

    $s1 = Get-SPSite -Identity "https://<ReceivingFarm_web_application>"
    $sc1 = Get-SPServiceContext -Site $s1
    # Set up an authentication realm for
    # a web application that hosts content in ReceivingFarm
    Set-SPAuthenticationRealm -ServiceContext $sc1 -Realm $realm[1]
    # Get a reference to the application principal
    # for that web application in ReceivingFarm
    $p = Get-SPAppPrincipal -Site "https://<ReceivingFarm_web_application>" -NameIdentifier $i.NameId
    # Grant rights to the application principal
    # that SendingFarm will use
    # when it sends queries to ReceivingFarm
    Set-SPAppPrincipalPermission -Site "https://<ReceivingFarm_web_application>" -AppPrincipal $p -Scope SiteCollection -Right FullControl
    

    Where:

    https://<ReceivingFarm_web_application> is an SSL-enabled web application in ReceivingFarm.

  6. Repeat the previous step (step 5) for each web application in ReceivingFarm that hosts content that you want to search.
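
The following added example (not part of the original article) combines steps 4 through 6: it looks up the issuer created in step 3, prints the thumbprint and expiry of the certificates that ReceivingFarm now trusts so they can be compared with SendingFarm's token-signing certificate through a separate channel, and then repeats step 5 for a list of web applications. The URLs in `$webApps` are placeholders, and the 30-day expiry warning is an assumed threshold.

```powershell
# Added example: repeat step 5 for several web applications and report
# the certificates the trust depends on. URLs below are placeholders.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName = "SendingFarm"    # name given to the issuer in step 3
$webApps = @(                   # placeholders: ReceivingFarm web applications that host content
    "https://<ReceivingFarm_web_application_1>",
    "https://<ReceivingFarm_web_application_2>"
)

$i    = Get-SPTrustedSecurityTokenIssuer -Identity $issuerName -ErrorAction Stop
$root = Get-SPTrustedRootAuthority -Identity $issuerName -ErrorAction Stop

# List what ReceivingFarm trusts after step 3, with days until expiry.
foreach ($cert in @($i.SigningCertificate, $root.Certificate)) {
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    "{0}  expires {1:yyyy-MM-dd} ({2} days)  {3}" -f `
        $cert.Thumbprint, $cert.NotAfter, $daysLeft, $cert.Subject
    if ($daysLeft -lt 30) {     # assumed warning threshold
        Write-Warning "Certificate $($cert.Thumbprint) expires within 30 days"
    }
}

# Step 4: the realm is the part of NameId after the "@" character.
$parts = $i.NameId.Split("@")
if ($parts.Count -ne 2) { throw "Unexpected NameId format: $($i.NameId)" }
$realm = $parts[1]

# Steps 5 and 6: apply the realm and the permission to each web application.
foreach ($url in $webApps) {
    if (-not $url.StartsWith("https://")) { throw "Not an SSL URL: $url" }
    $site = Get-SPSite -Identity $url -ErrorAction Stop
    try {
        $ctx = Get-SPServiceContext -Site $site
        Set-SPAuthenticationRealm -ServiceContext $ctx -Realm $realm
        $p = Get-SPAppPrincipal -Site $url -NameIdentifier $i.NameId
        Set-SPAppPrincipalPermission -Site $url -AppPrincipal $p `
            -Scope SiteCollection -Right FullControl
        "Configured {0} for {1}" -f $url, $i.NameId
    }
    finally {
        $site.Dispose()         # release the SPSite object
    }
}
```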

See also

Authentication overview for SharePoint Server

Plan for server-to-server authentication in SharePoint Server

Configure server-to-server authentication in SharePoint Server

Setting Up an oAuth Trust Between Farms in SharePoint 2013

Getting a Full Result Set from a Remote SharePoint Index in SharePoint 2013

An Introduction to JavaScript Object Notation (JSON) in JavaScript and .NET