檢查清單︰ 設定 AD FS 傳送給 AD FS 1.x 宣告感知 Web 代理程式宣告Checklist: Configuring AD FS to Send Claims to an AD FS 1.x Claims-Aware Web Agent

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

檢查清單︰ 設定 AD FS 傳送給 AD FS 1.x claims\ 感知 Web 代理程式宣告Checklist: Configuring AD FS to send claims to an AD FS 1.x claims-aware Web agent

此檢查清單會包含所需的設定您的 Active Directory 同盟服務 (AD FS) 同盟服務,傳送宣告可以了解應用程式執行 AD FS 1 的網頁伺服器主控 Windows Server 2012 中的工作。x claims\ 感知 Web 代理程式。This checklist includes the tasks that are necessary for configuring your Active Directory Federation Services (AD FS) Federation Service in Windows Server 2012 to send claims that can be understood by an application that is hosted by a Web server running the AD FS 1.x claims-aware Web agent.

注意

完成此訂單中的檢查清單中的工作。Complete the tasks in this checklist in order. 當參考連結可讓您的程序時,返回本主題之後在您完成該程序中的步驟操作,以便您可以繼續檢查清單中的其餘的工作。When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

<span data-ttu-id="c14c8-108">設定宣告傳送給 AD FS](media/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**檢查清單︰ 設定 AD FS 傳送給 AD FS 1.x claims\ 感知 Web 代理程式宣告**</span><span class="sxs-lookup"><span data-stu-id="c14c8-108">configure AD FS to send claimsChecklist: Configuring AD FS to send claims to an AD FS 1.x claims-aware Web agent

工作Task 參考資料Reference
設定宣告傳送給 AD FS 跨平台與 Windows Server 2012 中的 AD FS 舊版 AD FS 計劃以及了解更多有關名稱 ID 宣告類型。Plan for interoperability between AD FS in Windows Server 2012 and previous versions of AD FS and learn more about the Name ID claim type. <span data-ttu-id="c14c8-113">設定宣告傳送給 AD FS規劃 AD FS 使用的跨平台 1.x](https://technet.microsoft.com/library/ff678040.aspx)configure AD FS to send claimsPlanning for Interoperability with AD FS 1.x
設定宣告傳送給 AD FS 如果已經執行此動作,使用右側連結第一次建立信賴廠商信任 AD FS 1 與 Windows Server 2012 中 AD FS 同盟服務。x同盟服務。If you have not already done so, use the link on the right to first create a relying party trust between the AD FS Federation Service in Windows Server 2012 and the AD FS 1.x Federation Service. 檢查清單︰ 設定 AD FS 傳送給 AD FS 1.x 同盟服務宣告Checklist: Configuring AD FS to Send Claims to an AD FS 1.x Federation Service
設定宣告傳送給 AD FS 您可以在前達到相互 AD FS 1 裝載的應用程式。x claims\ 感知網路代理程式,您必須先建立信賴廠商信任 AD FS 同盟服務中的 AD FS 1 到 Windows Server 2012 中。Before you can achieve interoperation with an application that is hosted by the AD FS 1.x claims-aware Web agent, you must first create a relying party trust in the AD FS Federation Service in Windows Server 2012 to the AD FS 1. x claims\ 感知 Web 代理程式。x claims-aware Web agent. 注意:建立 AD FS 同盟服務此信任相當新增新的應用程式以 AD FS 1.x 同盟服務 \ (聯盟 Service\Trust Policy\My Organization\Application)。Note: Creating this trust in the AD FS Federation Service is the equivalent of adding a new Application to the AD FS 1.x Federation Service (Federation Service\Trust Policy\My Organization\Application). 因為 AD FS 不會有相當依賴廠商信任是必要的應用程式節點,其 snap\ 中的。This relying party trust is necessary because AD FS does not have an equivalent Application node in its own snap-in. 不過,您仍必須先應用程式安全的通道。However, it still must have a secure channel to the application.

當您設定程序使用中的直接連結信任時,您必須完成以下新增可以廠商信任精靈中交互操作 AD FS 1 信任此設定。x claims\ 感知 Web 代理程式:When you set up the trust using the procedure in the link to the right, you must do the following in the Add Relying Party Trust Wizard to set up this trust to interoperate with an AD FS 1.x claims-aware Web agent:

1.在選取資料來源頁面上,選取 [輸入資料可以手動廠商信任1. On the Select Data Source page, select Enter data about the relying party trust manually.
2.在選擇設定檔頁面上,選取的設定檔 AD FS 1.0 和 1.12. On the Choose Profile page, select AD FS 1.0 and 1.1 profile.
3.在設定的 URL頁面上,在WS-聯盟被動式 URL,輸入應用程式 URL AD FS 1 中所定義。x的合作夥伴同盟服務。3. On the Configure URL page, under WS-Federation Passive URL, type the Application URL as defined in the AD FS 1.x Federation Service of the partner.
4.在設定識別碼頁面上,在Relying 部分信任識別碼,輸入應用程式 URL AD FS 1 中所定義。x claims\ 感知 Web 代理程式4. On the Configure Identifiers page, under Relying part trust identifier, type the Application URL as defined in the AD FS 1.x claims-aware Web agent
<span data-ttu-id="c14c8-128">設定宣告傳送給 AD FS可以廠商信任手動建立](../../ad-fs/operations/Create-a-Relying-Party-Trust.md)configure AD FS to send claimsCreate a Relying Party Trust Manually
設定宣告傳送給 AD FS 請洽詢系統管理員身分執行 AD FS 1 的網頁伺服器。x claims\ 感知網頁代理程式和編輯 web.config 與 claims\ 感知應用程式相關聯的系統管理員 \(在 [網際網路資訊服務 (IIS)) 指向網路代理程式 AD FS 同盟服務,預設網站。Contact the administrator of the Web server running the AD FS 1.x claims-aware Web agent and have that administrator edit the web.config file that is associated with the claims-aware application (under the Default Web Site in Internet Information Services (IIS)) to point the Web agent at the AD FS Federation Service.

例如,更換myresourcefederationserver在標記<fs>https://myresourcefederationserver/adfs/fs/federationserverservice.asmx</fs>的 web.config 有效 AD FS 聯盟伺服器名稱。For example, replace myresourcefederationserver in the tag <fs>https://myresourcefederationserver/adfs/fs/federationserverservice.asmx</fs> of the web.config file with a valid AD FS federation server name.

這是必要無法使用從 Windows Server 2012 中 AD FS 同盟服務會傳送至該宣告應用程式和 AD FS 1.x claims\ 感知網路代理程式。This is necessary for the application and AD FS 1.x claims-aware Web agent to be able to consume the claims that are sent to it from the AD FS Federation Service in Windows Server 2012 .
A N\ 日N/A
設定宣告傳送給 AD FS 在您先前建立的依賴廠商信任,您必須建立理賠要求將需要連入宣告擷取自屬性存放區與通過、篩選或轉換成名稱 ID 規則宣告類型,可以了解,並由 AD FS 1。x claims\ 感知 Web 代理程式。On the relying party trust that you created earlier, you have to create claim rules that will take incoming claims that were extracted from an attribute store and pass through, filter, or transform them into a Name ID claim type that can be understood and consumed by the AD FS 1.x claims-aware Web agent. 注意:您建立本規則之前,請確定您建立此規則宣告規則集合有第一次從屬性存放區擷取輕量型 Directory 存取通訊協定 (LDAP) 屬性理賠要求前出現的規則。Note: Before you create this rule, make sure that the claim rule set where you are creating this rule has a rule that comes before it that first extracts a Lightweight Directory Access Protocol (LDAP) attribute claim from an attribute store. 做為您建立傳送給 AD FS 1 規則輸入,將會使用此理賠要求。x-compatible 理賠要求。This claim will be used as input to the rule that you create to send an AD FS 1.x-compatible claim. 如需如何建立規則解壓縮 LDAP 屬性,請查看建立規則為宣告傳送 LDAP 屬性,For more information about how to create a rule to extract an LDAP attribute, see Create a Rule to Send LDAP Attributes as Claims. <span data-ttu-id="c14c8-139">設定宣告傳送給 AD FS建立傳送給 AD FS 規則 1.x 相容宣告](../../ad-fs/operations/Create-a-Rule-to-Send-an-AD-FS-1x-Compatible-Claim.md)configure AD FS to send claimsCreate a Rule to Send an AD FS 1.x Compatible Claim