AD FS 在 Windows Server 2016 中的自訂項目AD FS Customization in Windows Server 2016

適用於:Windows Server 2016Applies To: Windows Server 2016

使用 AD FS 組織的意見反應回應,我們已經新增額外的工具,來自訂使用者登入個人 AD FS 受保護的應用程式的體驗。In response to feedback from organizations using AD FS, we have added additional tools to customize the user sign in experience for individual applications protected by AD FS.
除了指定每個應用程式網頁描述文字和的連結,現在可以指定整個 web 主題每個應用程式。In addition to specifying per-application web content such as description text and links, now you can specify entire web themes per application. 這包括商標、圖、樣式凍結,或是整個 onload.js 檔案。This includes logo, illustration, style sheets, or an entire onload.js file.

通用設定Global Settings

一般全球設定您可以參考[自訂頁面 AD FS 登入,隨附在 Windows Server 2012 R2 AD FS。For general global settings you can refer to Customizing the AD FS Sign-in Pages that shipped with AD FS in Windows Server 2012 R2.

必要條件Pre-requisites

下列必要條件,需要先本文件概述的程序。The following pre-requisites are required before attempting the procedures outlined in this document.

  • AD FS 在 Windows Server 2016 TP4 或更新版本AD FS in Windows Server 2016 TP4 or later

設定 AD FS 可以派對Configure AD FS Relying parties

Web 登入信賴廠商每項目和主題:您可以設定使用 PowerShell 範例如下:Per relying party sign-in web elements and themes can be configured using the PowerShell examples below:

來自訂郵件Customize messages

PS C:\>Set-AdfsRelyingPartyWebContent  
    -TargetRelyingPartyName "<RP trust Name>"  
    -CompanyName "This text appears in place of the federation service display name"  
    -OrganizationalNameDescriptionText "This text appears right below the company name"  
    -SignInPageDescription "This text appears below the credential prompt"  

自訂公司名稱、商標,以及影像Customize company name, logo, and image

PS C:\>Set-AdfsRelyingPartyWebTheme  
    -TargetRelyingPartyName "<RP trust Name>"  
    -Logo @{path="C:\Images\applogo.png"}  
    -Illustration @{path="C:\Images\appillustration.jpg"}  

自訂整個頁面Customize entire page

PS C:\>Set-AdfsRelyingPartyWebTheme  
    -TargetRelyingPartyName "<RP trust Name>"  
    -OnLoadScriptPath @{path="c:\scripts\adfstheme\onload.js"}  

自訂主題:和進階自訂的主題Custom themes and advanced custom themes

請參考自訂主題中的自訂 AD FS 登入頁面進階自訂 AD FS 登入頁面。For custom themes refer to Customizing the AD FS Sign-in Pages and Advanced Customization of AD FS Sign-in Pages.

指派自訂 web 主題每資源點數Assigning custom web themes per RP

若要指定自訂主題每次資源點數使用下列程序:To assign a custom theme per RP use the following procedure:

  1. 做為預設值,AD FS 中的全域主題複製建立新的主題Create a new theme as a copy for the default, global theme in AD FS
    New-AdfsWebTheme -Name AppSpecificTheme -SourceName default
  2. 匯出自訂的主題Export-AdfsWebTheme -Name AppSpecificTheme -DirectoryPath c:\appspecifictheme3.在您最愛的編輯器自訂主題檔案的影像、客服支援(onload.js)-或更換檔案 4。Export the theme for customization Export-AdfsWebTheme -Name AppSpecificTheme -DirectoryPath c:\appspecifictheme 3. Customize theme files (images, css, onload.js) - in your favorite editor or replace the file 4. 匯入 AD FS(目標新主題)檔案自訂的檔案系統Set-AdfsWebTheme -TargetName AppSpecificTheme -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';Path="c:\appspecifictheme\script\onload.js"}5.適用於特定資源點數(或資源點數的)的新的自訂主題Import customized files from the file system to AD FS (targeting the new theme) Set-AdfsWebTheme -TargetName AppSpecificTheme -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';Path="c:\appspecifictheme\script\onload.js"} 5. Apply the new, customized theme to the specific RP (or RP's) Set-AdfsRelyingPartyWebTheme -TargetRelyingPartyName urn:app1 -SourceWebThemeName AppSpecificTheme

家用領域探索Home Realm Discovery

家用領域 dicovery 自訂看到[自訂頁面 AD FS 登入For home realm dicovery customization see Customizing the AD FS Sign-in Pages.

已更新的密碼頁面Updated password page

自訂更新密碼頁面上資訊的查看[自訂頁面 AD FS 登入For information on customizing the update password page see Customizing the AD FS Sign-in Pages.

自訂及其他 IdCustomizing and Alternate IDs

使用者可以登入 Active Directory 同盟 Services (AD FS)-的應用程式使用任何形式的使用者識別碼接受 Active Directory Domain Services (AD DS)。Users can sign in to Active Directory Federation Services (AD FS)-enabled applications using any form of user identifier that is accepted by Active Directory Domain Services (AD DS). 其中包括使用者主體名稱 (Upn) (johndoe@contoso.com) 或網域完整坡-account 名稱(contoso\johndoe 或 contoso.com\johndoe)。These include User Principal Names (UPNs) (johndoe@contoso.com) or domain qualified sam-account names (contoso\johndoe or contoso.com\johndoe). 如需有關這個查看id 設定的其他登入。For more information on this see Configuring Alternate Login ID.

您可能會此外想要自訂 AD FS 登入頁面,讓使用者一些有關其他登入收到提示You may additionally want to customize the AD FS sign-in page to give end users some hint about the alternate login ID. 您可以新增更多的資訊查看自訂的登入頁面描述來執行自訂 AD FS 登入頁面。You can do it by adding the customized sign-in page description for more information see Customizing the AD FS Sign-in Pages.

您也可以執行此動作,自訂的使用者名稱] 欄位上述的「登入組織 account「字串。You can also do this by customizing "Sign in with organizational account" string above username field. 查看此資訊的進階自訂項目 AD FS 登入頁面的For information on this see Advanced Customization of AD FS Sign-in Pages.

其他參考資料Additional references

AD FS 使用者登入自訂AD FS User Sign-in Customization