Improved interoperability with SAML 2.0

Applies To: Windows Server 2016

AD FS in Windows Server 2016 contains additional SAML protocol support, including support for importing trusts based on metadata that contains multiple entities. This enables you to configure AD FS to participate in confederations such as InCommon Federation and other implementations conforming to the eGov 2.0 standard.

The new capability is based on groups of relying party or claims provider trusts. Each group is an EntitiesDescriptor (<md:EntitiesDescriptor>) element as specified in the eGov 2.0 profile, containing one or many EntityDescriptor elements. The groups have common authorization rules, and all other properties can be modified like individual trust objects.

Once the trust groups are imported into AD FS, AD FS automatically updates the trusts as a group based on the metadata document.

Enabling these scenarios is as simple as using the new PowerShell cmdlets that add and remove AdfsClaimsProviderTrustsGroup and AdfsRelyingPartyTrustsGroup objects. This can be done using a metadata URL or a file, as shown in the examples below.

Additionally, AD FS 2016 has support for the scoping parameter as described in the SAML Core specification, section 3.4.1.2. This element allows relying parties to specify one or more identity providers for an authentication request.

Examples

Add-AdfsClaimsProviderTrustsGroup -MetadataUrl "https://www.contosoconsortium.com/metadata/metadata.xml"   
Add-AdfsClaimsProviderTrustsGroup -MetadataFile "C:\metadata.xml"   
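Because a group import creates a trust for every EntityDescriptor in the document, it helps to review the aggregate before running the cmdlets above. The following is an added example, not code from the original page or from Microsoft; the function name Get-SamlMetadataSummary and the sample metadata are hypothetical and constructed for illustration.

```powershell
# Constructed sample aggregate for illustration (not real federation metadata).
$sampleMetadata = @'
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
'@

# Hypothetical helper: summarize what a metadata aggregate would add as trusts.
function Get-SamlMetadataSummary {
    param([Parameter(Mandatory)][string]$MetadataXml)
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never fetch external DTDs or entities
    $doc.LoadXml($MetadataXml)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
    $root = $doc.DocumentElement
    if ($root.LocalName -ne 'EntitiesDescriptor') {
        throw "Root is <$($root.LocalName)>; a trust group needs <md:EntitiesDescriptor>."
    }
    $validUntil = $root.GetAttribute('validUntil')
    $expired = $false
    if ($validUntil) {
        $utc = [System.Xml.XmlConvert]::ToDateTime($validUntil, [System.Xml.XmlDateTimeSerializationMode]::Utc)
        $expired = $utc -lt [datetime]::UtcNow
    }
    # '//' also finds entities inside nested EntitiesDescriptor groups.
    $entities = foreach ($e in $doc.SelectNodes('//md:EntityDescriptor', $ns)) {
        [pscustomobject]@{
            EntityId = $e.GetAttribute('entityID')
            IsIdP    = $null -ne $e.SelectSingleNode('md:IDPSSODescriptor', $ns)
            IsSP     = $null -ne $e.SelectSingleNode('md:SPSSODescriptor', $ns)
        }
    }
    [pscustomobject]@{
        ValidUntil          = $validUntil
        Expired             = $expired
        HasSignatureElement = $null -ne $root.SelectSingleNode('ds:Signature', $ns)  # presence only, not verification
        Entities            = @($entities)
    }
}
$summary = Get-SamlMetadataSummary -MetadataXml $sampleMetadata
$summary | Format-List ValidUntil, Expired, HasSignatureElement
$summary.Entities | Format-Table -AutoSize
```

To review a real aggregate, pass the contents of the same file you intend to give to -MetadataFile (for example via Get-Content -Raw). Entities with an IdP role correspond to claims provider trusts and entities with an SP role to relying party trusts.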

References

The eGov 2.0 profile can be found here.

The SAML Core specification can be found here.