Windows Server 2012 AD FS 部署指南Windows Server 2012 AD FS Deployment Guide

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

您可以與 Windows Server® 2012 年作業系統使用 Active Directory()同盟服務 (AD FS) 建置聯盟的身分管理方案分散式的驗證,驗證和延伸服務 Web\ 為基礎的應用程式授權組織和邊界平台。You can use Active Directory® Federation Services (AD FS) with the Windows Server® 2012 operating system to build a federated identity management solution that extends distributed identification, authentication, and authorization services to Web-based applications across organization and platform boundaries. 部署 AD FS,您可以網際網路延伸您組織的現有的身分管理功能。By deploying AD FS, you can extend your organization’s existing identity management capabilities to the Internet.

您可以部署至 AD FS:You can deploy AD FS to:

  • 提供您的員工或針對 Web\ 為基礎,single\ sign\ 上 (SSO) 體驗時所需遠端內部裝載的網站或服務的存取。Provide your employees or customers with a Web-based, single-sign-on (SSO) experience when they need remote access to internally hosted Web sites or services.

  • 提供您的員工或針對 Web\ 型 SSO 體驗當他們存取 cross\ 組織的網站或中防火牆網路的服務。Provide your employees or customers with a Web-based, SSO experience when they access cross-organizational Web sites or services from within the firewalls of your network.

  • 提供您的員工或針對順暢地存取網際網路上的任何聯盟合作夥伴組織中的 Web\ 資源而不需要員工或針對超過一次登入。Provide your employees or customers with seamless access to Web-based resources in any federation partner organization on the Internet without requiring employees or customers to log on more than once.

  • 不使用其他 sign\ 上提供者會保留完全掌控您的員工或客戶身分 \(Windows Live ID、自由 Alliance 和 others\)。Retain complete control over your employee or customer identities without using other sign-on providers (Windows Live ID, Liberty Alliance, and others).

有關本指南About this guide

本指南被針對使用系統管理員或系統的工程師。This guide is intended for use by system administrators and system engineers. 提供的已您或您在組織中的基礎結構專員或系統設計師預先選擇 AD FS 設計用來部署詳細指導方針。It provides detailed guidance for deploying an AD FS design that has been preselected by you or an infrastructure specialist or system architect in your organization.

如果尚未選取設計,我們建議您等候之後您已經檢視設計選項,請依照下列直到本文中的指示,在 Windows Server 2012 中 AD FS 程式設計指南,而且您的組織選取最適合的設計。If a design has not yet been selected, we recommend that you wait to follow the instructions in this guide until after you have reviewed the design options in the AD FS Design Guide in Windows Server 2012 and you have selected the most appropriate design for your organization. 如需有關本指南使用的設計,已選取的詳細資訊,請實作您 AD FS 設計計劃For more information about using this guide with a design that has already been selected, see Implementing Your AD FS Design Plan.

設計節目表中選取您的設計並收集關於宣告、權杖類型、屬性儲存及其他項目的必要的資訊後,您可以使用此快速入門,production 環境中部署 AD FS 設計。After you select your design from the design guide and gather the required information about claims, token types, attribute stores, and other items, you can use this guide to deploy your AD FS design in your production environment. 本指南提供部署主要 AD FS 設計下列其中一項步驟:This guide provides steps for deploying either of the following primary AD FS designs:

  • Web SSOWeb SSO

  • 聯盟的網路 SSOFederated Web SSO

使用中的檢查清單實作您 AD FS 設計計劃以最佳方式判斷部署特定設計本指南使用的指示操作。Use the checklists in Implementing Your AD FS Design Plan to determine how best to use the instructions in this guide to deploy your particular design. 部署 AD FS 硬體與軟體需求的相關資訊,請查看附錄 a:審查 AD FS 需求中的 AD FS 設計。For information about hardware and software requirements for deploying AD FS, see the Appendix A: Reviewing AD FS Requirements in the AD FS Design Guide.

未提供哪些本指南What this guide does not provide

本指南不提供:This guide does not provide:

  • 相關的時機,以及聯盟伺服器、聯盟伺服器 proxy 或網頁伺服器置於現有的網路基礎結構指導方針。Guidance regarding when and where to place federation servers, federation server proxies, or Web servers in your existing network infrastructure. 這項資訊,請查看聯盟計畫伺服器位置規劃聯盟伺服器 Proxy 位置中 AD FS 設計。For this information, see Planning Federation Server Placement and Planning Federation Server Proxy Placement in the AD FS Design Guide.

  • 設定 AD FS 使用憑證授權單位 (CAs) 指導方針Guidance for using certification authorities (CAs) to set up AD FS

  • 適用於設定或設定特定 Web\ 為基礎的應用程式的指導方針Guidance for setting up or configuring specific Web-based applications

  • 安裝指示的特定設定實驗室測試。Setup instructions that are specific to setting up a test lab environment.

  • 如何自訂聯盟登入畫面、web.config 檔案或設定資料庫的相關資訊。Information about how to customize federated logon screens, web.config files, or the configuration database.

本指南In this guide