檢視聯盟伺服器 Proxy 資源夥伴中的角色Review the Role of the Federation Server Proxy in the Resource Partner

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

在 Active Directory 同盟服務 (AD FS) 聯盟伺服器 proxy 可以一或多個下列的角色,根據您如何設定需求資源合作夥伴組織的伺服器功能:A federation server proxy in Active Directory Federation Services (AD FS) can function in one or more of the following roles, depending on how you configure the server to meet the needs of the resource partner organization:

  • Account 合作夥伴探索: client 的網際網路的電腦必須找出您所 account 合作夥伴將驗證它。Account partner discovery: An Internet client computer must identify which account partner will authenticate it. Client 使用 account 合作夥伴探索 Web 表單 (discoverclientrealm.aspx)、儲存在聯盟伺服器 proxy 資源夥伴中尋找 account 合作夥伴。The client finds the account partner by using an account partner discovery Web form (discoverclientrealm.aspx), which is stored on the federation server proxy in the resource partner. 如果超過一個 account 合作夥伴 snap\ 中,向下 drop\ 功能表似乎 client 與看到網際網路存取 account 合作夥伴探索 Web 表單 client 電腦的所有可用 account 協力廠商 AD FS 管理設定。If more than one account partner is configured in the AD FS Management snap-in, a drop-down menu appears to the client with all the available account partners that are visible to Internet client computers that access the account partner discovery Web form. 您可以變更 account 合作夥伴探索 Web 表單顯示的方式 client 電腦自訂 discoverclientrealm.aspx 檔案。You can change how the account partner discovery Web form is presented to client computers by customizing the discoverclientrealm.aspx file.

  • 安全性權杖重新導向:聯盟伺服器 proxy account 合作夥伴中的將的安全性權杖傳送到資源合作夥伴。Security token redirection: The federation server proxy in the account partner sends the security tokens to the resource partner. 資源聯盟伺服器 proxy 接受這些權杖和傳遞到資源合作夥伴聯盟伺服器。The resource federation server proxy accepts these tokens and passes them on to the federation server in the resource partner. 資源聯盟伺服器然後問題的安全性權杖繫結的特定資源網頁伺服器。The resource federation server then issues a security token that is bound for a specific resource Web server. 資源聯盟伺服器 proxy 再重新導向至 amc 權杖 client。The resource federation server proxy then redirects the token to the client.

總結資源聯盟 proxy 伺服器幫助您藉由驗證戶端聯盟伺服器重新導向 client 電腦的登入聯盟程序。To summarize, a resource federation server proxy facilitates the federated logon process by redirecting client computers to a federation server that can authenticate the clients. 資源聯盟 proxy 伺服器也做為 proxy client 的安全性權杖給資源聯盟伺服器。A resource federation server proxy also acts as a proxy for client security tokens to resource federation servers.

注意

以協助降低的硬體和數目需要憑證必要時,可以位於聯盟 proxy 伺服器相同的電腦與 Web 伺服器上。When it is necessary to help reduce the amount of hardware and the number of required certificates, the federation server proxy can be located on the same computer as the Web server.

也了See Also

Windows Server 2012 中的 AD FS 設計指南AD FS Design Guide in Windows Server 2012