Configuring AD FS 2.0 to support client authentication in Lync Server 2013

 

Topic Last Modified: 2013-07-03

There are two possible authentication types that can be configured to allow AD FS 2.0 to support authentication using smart cards:

  • Forms-based authentication (FBA)

  • Transport Layer Security Client Authentication

Using forms-based authentication, you can develop a web page that allows users to authenticate either by using their username/password or by using their smart card and PIN. This topic focuses on how to implement Transport Layer Security Client Authentication with AD FS 2.0. For more information about AD FS 2.0 authentication types, see AD FS 2.0: How to Change the Local Authentication Type at https://go.microsoft.com/fwlink/p/?LinkId=313384.

To Configure AD FS 2.0 to Support Client Authentication

  1. Log in to the AD FS 2.0 computer using a Domain Admin account.

  2. Launch Windows Explorer.

  3. Browse to C:\inetpub\adfs\ls

  4. Make a backup copy of the existing web.config file.

  5. Open the existing web.config file using Notepad.

  6. From the Menu bar, select Edit and then select Find.

  7. Search for <localAuthenticationTypes>.

    Note that there are four authentication types listed, one per line.

  8. Move the line containing the TLSClient authentication type to the top of the list in the section.

  9. Save and close the web.config file.

  10. Launch a Command Prompt with elevated privileges.

  11. Restart IIS by running the following command:

    IISReset /Restart /NoForce
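
Steps 3 through 11 above as a PowerShell script, added here as an example (it is not part of the original Microsoft topic). It assumes each authentication type is an <add name="..."/> element inside <localAuthenticationTypes> and matches the TLSClient entry case-insensitively on its name attribute; confirm both against your own web.config before running it.

```powershell
# Added example (not from the original topic). Save as a .ps1 and run it elevated.
# Assumption: each type is an <add name="..."/> child of <localAuthenticationTypes>.
$configPath = 'C:\inetpub\adfs\ls\web.config'                      # step 3
$backupPath = "$configPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"

# Step 4: timestamped backup so the change can be rolled back.
Copy-Item -LiteralPath $configPath -Destination $backupPath -ErrorAction Stop

$xml = New-Object System.Xml.XmlDocument
$xml.Load($configPath)        # Load/Save honor the encoding in the XML declaration

# Step 7: find the section; stop if it is missing or appears more than once.
$sections = @($xml.SelectNodes('//localAuthenticationTypes'))
if ($sections.Count -ne 1) {
    throw "Expected one <localAuthenticationTypes> section, found $($sections.Count)."
}
$section = $sections[0]

$types = @($section.SelectNodes('*[@name]'))
$tls   = @($types | Where-Object { $_.GetAttribute('name') -eq 'TLSClient' })  # case-insensitive
if ($tls.Count -ne 1) {
    throw "Expected one TLSClient entry, found $($tls.Count); file left unchanged."
}
Write-Host ('Order before: ' + (($types | ForEach-Object { $_.GetAttribute('name') }) -join ', '))

# Step 8: move the TLSClient entry ahead of the first listed type.
if ([object]::ReferenceEquals($types[0], $tls[0])) {
    Write-Host 'TLSClient is already first; nothing to change.'
    return
}
$null = $section.InsertBefore($tls[0], $types[0])   # a node already in the tree is moved, not copied
$xml.Save($configPath)                              # step 9 (indentation is normalized on save)

# Re-read the file from disk to confirm what IIS will load.
$check = New-Object System.Xml.XmlDocument
$check.Load($configPath)
$after = @($check.SelectNodes('//localAuthenticationTypes/*[@name]') |
           ForEach-Object { $_.GetAttribute('name') })
Write-Host ('Order after:  ' + ($after -join ', '))
if ($after[0] -ne 'TLSClient') { throw "Unexpected order; restore $backupPath." }

# Step 11: restart IIS with the command given in the procedure.
& iisreset.exe /restart /noforce
```

The script stops without writing if the section or the TLSClient entry is missing or duplicated, and the timestamped backup from step 4 is the rollback path.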