安裝同盟服務的角色Install the Federation Service Role Service

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

既然您正確憑證必要條件應用程式與設定電腦,您就準備好要安裝的 Active Directory 同盟服務 (AD FS) 同盟服務角色服務。Now that you have properly configured a computer with the prerequisite applications and certificates, you are ready to install the Federation Service role service of Active Directory Federation Services (AD FS). 當您在電腦上安裝同盟服務時,該電腦就會聯盟伺服器。When you install the Federation Service on a computer, that computer becomes a federation server.

注意

聯盟網路 Single-Sign-On (SSO) 設計,您必須至少一個聯盟伺服器 account 合作夥伴組織和資源合作夥伴組織中的至少一個聯盟伺服器。For the Federated Web Single-Sign-On (SSO) design, you must have at least one federation server in the account partner organization and at least one federation server in the resource partner organization. 如需詳細資訊,請查看放置聯盟伺服器For more information, see Where to Place a Federation Server.

您可以使用下列程序會成為第一個聯盟伺服器的電腦或會成為聯盟伺服器現有聯盟伺服器發電廠的電腦上安裝同盟服務角色服務 AD fs。You can use the following procedure to install the Federation Service role service of AD FS on a computer that will become the first federation server or on a computer that will become a federation server for an existing federation server farm.

必要條件Prerequisites

請確認使用私密金鑰 SSL 憑證的已安裝或此程序您在開始之前,匯入至本機憑證存放區 (Personal store)。Verify that an SSL certificate with the private key has already been installed or imported into the local certificate store (Personal store) before you start this procedure. 如果您要使用的 token\ 簽署憑證授權單位發行憑證 (CA),驗證,以私密金鑰 token\ 簽署憑證已經安裝或此程序您在開始之前,匯入至本機憑證存放區 (Personal store)。If you will be using a token-signing certificate that is issued by a certification authority (CA), verify that a token-signing certificate with the private key has already been installed or imported into the local certificate store (Personal store) before you start this procedure. 或者,您可以建立 self\ 簽署、 token\ 簽署憑證使用加入角色精靈中,此程序中所述。As an alternative, you can create a self-signed, token-signing certificate using the Add Roles Wizard, as described in this procedure. 如需 token\ 簽署的憑證的詳細資訊,請查看聯盟伺服器的憑證需求For more information about token-signing certificates, see Certificate Requirements for Federation Servers.

資格在系統管理員,或相當於、在本機電腦上的最低需求完成此程序。Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. 檢視詳細資料使用適當的帳號,並群組成員資格,本機和網域預設群組\ (go.microsoft.com\ fwlink\ 方式 http://// # / 嗎?LinkId\ = 83477)。Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

若要安裝同盟服務的角色To install the Federation Service role service

  1. [開始]畫面中,輸入伺服器管理員],然後按 ENTER 鍵。On the Start screen, typeServer Manager, and then press ENTER.

  2. 按一下管理,然後按一下 [新增角色與功能開始新增角色與精靈中的功能。Click Manage, and then click Add Roles and Features to start the Add Roles and Features Wizard.

  3. 在您開始之前頁面上,按一下 [On the Before you begin page, click Next.

  4. 選擇安裝類型頁面上,按一下 [ Role\ 或 Feature\ 安裝,並按一下 [下一步On the Select installation type page, click Role-based or Feature-based installation, and click Next.

  5. 選取目的伺服器頁面上,按一下 [伺服器集區中選取 [伺服器,確認的目標電腦反白,然後按下一步On the Select destination server page, click Select a server from the server pool, verify that the target computer is highlighted, and then click Next.

  6. 選擇伺服器角色頁面上,按一下 [ Active Directory 同盟服務,然後按一下 [下一步。On the Select server roles page, click Active Directory Federation Services, and then click next.

    注意

    如果系統提示您安裝其他的.NET Framework 或 Windows 程序啟動服務的功能,請按一下新增功能進行安裝。If you are prompted to install additional .NET Framework or Windows Process Activation Service features, click Add Features to install them.

  7. 選擇功能頁面上,確認功能的設定,然後按下一步On the Select features page, verify that the features are set, and then click Next.

  8. Active Directory 同盟服務 (AD FS)頁面上,按On the Active Directory Federation Service (AD FS) page, click Next.

  9. 選擇角色服務頁面上,選取 [同盟服務核取方塊,,然後按一下 [下一步On the Select role services page, select the Federation Service check box, and then click Next.

  10. 網頁伺服器角色 (IIS)頁面上,按一下 [On the Web Server Role (IIS) page, click Next.

  11. 選擇角色服務頁面上,按一下 [On the Select role services page, click Next.

  12. 在確認此資訊後確認安裝選項頁面上,選取必要時自動重新開機目的伺服器核取方塊,並再按安裝After you verify the information on the Confirm installation selections page, select the Restart the destination server automatically if required check box, and then click Install.

  13. 安裝進度頁面,確認所有正確,安裝,然後按一下 [關閉On the Installation progress page, verify that everything installed correctly, and then click Close.