Web SSO Design

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

In the Web Single-Sign-On (SSO) design in Active Directory Federation Services (AD FS), users must authenticate only once to access multiple AD FS-secured applications or services. In this design all users are external, and no federation trust exists because there are no partner organizations. Typically, you deploy this design when you want to provide individual consumer or customer access to one or more AD FS-secured services or applications over the Internet, as shown in the following illustration.

With the Web SSO design, an organization that typically hosts an AD FS-secured application or service in a perimeter network can maintain a separate store of customer accounts in the perimeter network, which makes it easier to isolate customer accounts from employee accounts.

You can manage the local accounts for customers in the perimeter network by using either Active Directory Domain Services (AD DS), SQL Server, or a custom attribute store.

This design coincides with the deployment goal in Provide Your Active Directory Users Access to Your Claims-Aware Applications and Services.

For a list of detailed tasks that you can use to plan and deploy your Web SSO design, see Checklist: Implementing a Web SSO Design.

