Create a Rule to Send an AD FS 1.x Compatible Claim

Applies To: Windows Server 2016, Windows Server 2012 R2

In situations in which you are using Active Directory Federation Services (AD FS) to issue claims that will be received by federation servers running AD FS 1.0 (Windows Server 2003 R2) or AD FS 1.1 (Windows Server 2008 or Windows Server 2008 R2), you must do the following:

Depending on the needs of your organization, use one of the following procedures to create an AD FS 1.x compatible NameID claim:

  • Create this rule to issue an AD FS 1.x Name ID claim using the Pass Through or Filter an Incoming Claim rule template

  • Create this rule to issue an AD FS 1.x Name ID claim using the Transform an Incoming Claim rule template. You can use this rule template in situations in which you want to change the existing claim type to a new claim type that will work with AD FS 1.x claims.

Note

For this rule to work as expected, make sure that the relying party trust or claims provider trust where you are creating this rule has been configured to use the AD FS 1.0 and 1.1 profile.

To create a rule to issue an AD FS 1.x Name ID claim using the Pass Through or Filter an Incoming Claim rule template on a Relying Party Trust in Windows Server 2016

  1. In Server Manager, click Tools, and then select AD FS Management.

  2. In the console tree, under AD FS, click Relying Party Trusts.

  3. Right-click the selected trust, and then click Edit Claim Issuance Policy.

  4. In the Edit Claim Issuance Policy dialog box, under Issuance Transform Rules click Add Rule to start the rule wizard.

  5. On the Select Rule Template page, under Claim rule template, select Pass Through or Filter an Incoming Claim from the list, and then click Next.

  6. On the Configure Rule page, type a claim rule name.

  7. In Incoming claim type, select Name ID in the list.

  8. In Incoming name ID format, select one of the following AD FS 1.x-compatible claim formats from the list:

    • UPN

    • E-Mail

    • Common Name

  9. Select one of the following options, depending on the needs of your organization:

    • Pass through all claim values

    • Pass through only a specific claim value

    • Pass through only claim values that match a specific email suffix value

    • Pass through only claim values that start with a specific value

  10. Click Finish, and then click OK to save the rule.

To create a rule to issue an AD FS 1.x Name ID claim using the Pass Through or Filter an Incoming Claim rule template on a Claims Provider Trust in Windows Server 2016

  1. In Server Manager, click Tools, and then select AD FS Management.

  2. In the console tree, under AD FS, click Claims Provider Trusts.

  3. Right-click the selected trust, and then click Edit Claim Rules.

  4. In the Edit Claim Rules dialog box, under Acceptance Transform Rules click Add Rule to start the rule wizard.

  5. On the Select Rule Template page, under Claim rule template, select Pass Through or Filter an Incoming Claim from the list, and then click Next.

  6. On the Configure Rule page, type a claim rule name.

  7. In Incoming claim type, select Name ID in the list.

  8. In Incoming name ID format, select one of the following AD FS 1.x-compatible claim formats from the list:

    • UPN

    • E-Mail

    • Common Name

  9. Select one of the following options, depending on the needs of your organization:

    • Pass through all claim values

    • Pass through only a specific claim value

    • Pass through only claim values that match a specific email suffix value

    • Pass through only claim values that start with a specific value

  10. Click Finish, and then click OK to save the rule.

To create a rule to transform an incoming claim on a Relying Party Trust in Windows Server 2016

  1. In Server Manager, click Tools, and then select AD FS Management.

  2. In the console tree, under AD FS, click Relying Party Trusts.

  3. Right-click the selected trust, and then click Edit Claim Issuance Policy.

  4. In the Edit Claim Issuance Policy dialog box, under Issuance Transform Rules click Add Rule to start the rule wizard.

  5. On the Select Rule Template page, under Claim rule template, select Transform an Incoming Claim from the list, and then click Next.

  6. On the Configure Rule page, type a claim rule name.

  7. In Incoming claim type, select the type of incoming claim that you want to transform in the list.

  8. In Outgoing claim type, select Name ID in the list.

  9. In Outgoing name ID format, select one of the following AD FS 1.x-compatible claim formats from the list:

    • UPN

    • E-Mail

    • Common Name

  10. Select one of the following options, depending on the needs of your organization:

    • Pass through all claim values

    • Replace an incoming claim value with a different outgoing claim value

    • Replace incoming e-mail suffix claims with a new e-mail suffix

  11. Click Finish, and then click OK to save the rule.

To create a rule to transform an incoming claim on a Claims Provider Trust in Windows Server 2016

  1. In Server Manager, click Tools, and then select AD FS Management.

  2. In the console tree, under AD FS, click Claims Provider Trusts.

  3. Right-click the selected trust, and then click Edit Claim Rules.

  4. In the Edit Claim Rules dialog box, under Acceptance Transform Rules click Add Rule to start the rule wizard.

  5. On the Select Rule Template page, under Claim rule template, select Transform an Incoming Claim from the list, and then click Next.

  6. On the Configure Rule page, type a claim rule name.

  7. In Incoming claim type, select the type of incoming claim that you want to transform in the list.

  8. In Outgoing claim type, select Name ID in the list.

  9. In Outgoing name ID format, select one of the following AD FS 1.x-compatible claim formats from the list:

    • UPN

    • E-Mail

    • Common Name

  10. Select one of the following options, depending on the needs of your organization:

    • Pass through all claim values

    • Replace an incoming claim value with a different outgoing claim value

    • Replace incoming e-mail suffix claims with a new e-mail suffix

  11. Click Finish, and then click OK to save the rule.

To create a rule to issue an AD FS 1.x Name ID claim using the Pass Through or Filter an Incoming Claim rule template on Windows Server 2012 R2

  1. In Server Manager, click Tools, and then click AD FS Management.

  2. In the console tree, under AD FS\Trust Relationships, click either Claims Provider Trusts or Relying Party Trusts, and then click a specific trust in the list where you want to create this rule.

  3. Right-click the selected trust, and then click Edit Claim Rules.

  4. In the Edit Claim Rules dialog box, select one of the following tabs, depending on the trust you are editing and which rule set you want to create this rule in, and then click Add Rule to start the rule wizard that is associated with that rule set:

    • Acceptance Transform Rules

    • Issuance Transform Rules

    • Issuance Authorization Rules

    • Delegation Authorization Rules

  5. On the Select Rule Template page, under Claim rule template, select Pass Through or Filter an Incoming Claim from the list, and then click Next.

  6. On the Configure Rule page, type a claim rule name.

  7. In Incoming claim type, select Name ID in the list.

  8. In Incoming name ID format, select one of the following AD FS 1.x-compatible claim formats from the list:

    • UPN

    • E-Mail

    • Common Name

  9. Select one of the following options, depending on the needs of your organization:

    • Pass through all claim values

    • Pass through only a specific claim value

    • Pass through only claim values that match a specific email suffix value

    • Pass through only claim values that start with a specific value

  10. Click Finish, and then click OK to save the rule.

To create a rule to issue an AD FS 1.x Name ID claim using the Transform an Incoming Claim rule template in Windows Server 2012 R2

  1. In Server Manager, click Tools, and then click AD FS Management.

  2. In the console tree, under AD FS\Trust Relationships, click either Claims Provider Trusts or Relying Party Trusts, and then click a specific trust in the list where you want to create this rule.

  3. Right-click the selected trust, and then click Edit Claim Rules.

  4. In the Edit Claim Rules dialog box, select one of the following tabs, which depends on the trust that you are editing and in which rule set you want to create this rule, and then click Add Rule to start the rule wizard that is associated with that rule set:

    • Acceptance Transform Rules

    • Issuance Transform Rules

    • Issuance Authorization Rules

    • Delegation Authorization Rules

  5. On the Select Rule Template page, under Claim rule template, select Transform an Incoming Claim from the list, and then click Next.

  6. On the Configure Rule page, type a claim rule name.

  7. In Incoming claim type, select the type of incoming claim that you want to transform in the list.

  8. In Outgoing claim type, select Name ID in the list.

  9. In Outgoing name ID format, select one of the following AD FS 1.x-compatible claim formats from the list:

    • UPN

    • E-Mail

    • Common Name

  10. Select one of the following options, depending on the needs of your organization:

    • Pass through all claim values

    • Replace an incoming claim value with a different outgoing claim value

    • Replace incoming e-mail suffix claims with a new e-mail suffix

  11. Click Finish, and then click OK to save the rule.
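The wizard procedures above can also be scripted. The following is an added example, not part of the original article: it writes a Transform rule (UPN to Name ID in the AD FS 1.x UPN format) and a filtered Pass Through rule in claim rule language and appends them to a trust with the AD FS cmdlets. The trust names and the example.com suffix are placeholders, and the format URI is an assumption to compare against the rule language the wizard shows for a rule it created.

```powershell
# Added example: trust names and the UPN suffix below are placeholders.
Import-Module ADFS

$nameId  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
$upn     = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
$fmtProp = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format'
$fmtUpn  = 'http://schemas.xmlsoap.org/claims/UPN'   # assumed AD FS 1.x UPN format URI

# Transform an Incoming Claim: UPN -> Name ID, AD FS 1.x UPN format, all values.
$transformRule = @"
@RuleName = "UPN to AD FS 1.x Name ID"
c:[Type == "$upn"]
 => issue(Type = "$nameId", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["$fmtProp"] = "$fmtUpn");
"@

# Pass Through or Filter an Incoming Claim: accept a Name ID only when it carries
# the AD FS 1.x UPN format and its value ends in one expected suffix.
$filterRule = @"
@RuleName = "Pass through AD FS 1.x Name ID for one suffix"
c:[Type == "$nameId", Properties["$fmtProp"] == "$fmtUpn", Value =~ "^(?i).+@example\.com`$"]
 => issue(claim = c);
"@

# The Set-Adfs* cmdlets replace the whole rule set, so append to the existing
# rules and skip the append when a rule with the same name is already present.
function Add-ClaimRule([string]$Existing, [string]$RuleName, [string]$Rule) {
    if ($Existing -and $Existing.Contains("`"$RuleName`"")) { return $Existing }
    return (@($Existing, $Rule) | Where-Object { $_ }) -join "`r`n`r`n"
}

$rp = Get-AdfsRelyingPartyTrust -Name 'Legacy AD FS 1.x partner'
Set-AdfsRelyingPartyTrust -TargetName $rp.Name -IssuanceTransformRules (
    Add-ClaimRule $rp.IssuanceTransformRules 'UPN to AD FS 1.x Name ID' $transformRule)

$cp = Get-AdfsClaimsProviderTrust -Name 'Legacy AD FS 1.x provider'
Set-AdfsClaimsProviderTrust -TargetName $cp.Name -AcceptanceTransformRules (
    Add-ClaimRule $cp.AcceptanceTransformRules 'Pass through AD FS 1.x Name ID for one suffix' $filterRule)
```

On a claims provider trust, the suffix-filtered form keeps the partner from asserting Name ID values outside the namespace you expect from it, which "Pass through all claim values" does not.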

Additional references

Configure Claim Rules

Checklist: Creating Claim Rules for a Relying Party Trust

Checklist: Creating Claim Rules for a Claims Provider Trust

When to Use an Authorization Claim Rule

The Role of Claims

The Role of Claim Rules