Configuring SharePoint to use ADFS

Time: 2021-11-02 04:13:49

1. If the web application is not using claims-based authentication

# Switch the web application to claims-based authentication (required for a trusted identity provider)
$wpp = Get-SPWebApplication <URL>
$wpp.UseClaimsAuthentication = $true
$wpp.Update()

2. Configure an SSL certificate for the web application

In IIS, open Server Certificates and request a domain certificate.

3. Configure alternate access mappings on the SharePoint server

4. Install ADFS

5. ADFS 2.0 Federation Server Configuration Wizard

6. Configure ADFS - install the ADFS certificates

Step 1 - Install to local Trusted Root

Step 2 - Export the Token Signing Cert

Step 3 - Grab the Web Cert for ADFS as well

While we are here, let's grab the ADFS web certificate as well, since we will need it. This certificate is located in the Personal store.

This step is the critical one: it must be carried out on the SharePoint server.

Step 4 - Install the Certs into the SharePoint Box Trusted Root

Import the two certificates exported above.

SharePoint Trusted Provider

# Load the ADFS token-signing certificate exported in step 2
$certPath = "C:\Certificates\TokenSigningCert.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Map the incoming ADFS claim types to SharePoint claim types unchanged (-SameAsIncoming)
$emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$roleClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
$sidClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" -IncomingClaimTypeDisplayName "SID" -SameAsIncoming

# The realm must match the relying party identifier configured in ADFS
$realm = "urn:" + $env:ComputerName + ":adfs"
# Replace xxx with the FQDN of the ADFS server
$signinurl = "https://xxx/adfs/ls/"

# Create the trusted identity token issuer; the email address is used as the identifier claim
$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS20Server" -Description "ADFS 2.0 Federated Server" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $emailClaimMap,$upnClaimMap,$roleClaimMap,$sidClaimMap -SignInUrl $signinurl -IdentifierClaim $emailClaimMap.InputClaimType

# Register the token-signing certificate as a trusted root authority in SharePoint
New-SPTrustedRootAuthority "Contoso ADFS Token Signing Trusted Root Authority" -Certificate $cert

# Also trust the ADFS web (SSL) certificate exported in step 3
$certPath = "C:\Certificates\ADFSWebCert.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority "DSDContosoDC web server" -Certificate $cert
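A post-configuration check, added here as an example and not part of the original walkthrough: it reads back the trusted identity token issuer created above and verifies the settings that matter for security (token-signing certificate present, not about to expire and matching the one exported from ADFS; sign-in URL over HTTPS; identifier claim among the mapped claims; certificate registered as a trusted root). The issuer name "ADFS20Server" is the one used in the script above; the expected thumbprint is a placeholder to replace with the thumbprint of TokenSigningCert.cer.

```powershell
# Added verification script (not from the original post). Run it in the SharePoint
# Management Shell on the SharePoint server after New-SPTrustedIdentityTokenIssuer.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$issuerName         = "ADFS20Server"                         # name used in the script above
$expectedThumbprint = "<THUMBPRINT OF TokenSigningCert.cer>"  # placeholder: paste the real value

$ap = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction SilentlyContinue
if (-not $ap) { throw "Trusted identity token issuer '$issuerName' not found." }

$problems = @()

# 1. SharePoint validates every SAML token against this certificate. If it is missing,
#    expired, or no longer the one ADFS signs with (e.g. after a certificate rollover),
#    logons fail; a stale trusted certificate is also something to notice, not ignore.
$cert = $ap.SigningCertificate
if (-not $cert) {
    $problems += "No signing certificate attached to the issuer."
} else {
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        $problems += "Token-signing cert expires on $($cert.NotAfter) (within 30 days)."
    }
    if ($cert.Thumbprint -ne $expectedThumbprint) {
        $problems += "Thumbprint $($cert.Thumbprint) does not match the cert exported from ADFS."
    }
}

# 2. Browsers are redirected to the sign-in URL with the authentication request; it must be HTTPS.
if ($ap.ProviderUri.Scheme -ne "https") {
    $problems += "Sign-in URL $($ap.ProviderUri) is not HTTPS."
}

# 3. The identifier claim must be one of the mapped claim types, otherwise incoming
#    users can never be matched to a SharePoint identity.
$mapped = $ap.ClaimTypeInformation | ForEach-Object { $_.MappedClaimType }
if ($mapped -notcontains $ap.IdentifierClaim) {
    $problems += "Identifier claim $($ap.IdentifierClaim) is not among the mapped claims."
}

# 4. The token-signing cert must also be registered as a SharePoint trusted root authority.
$roots = Get-SPTrustedRootAuthority | ForEach-Object { $_.Certificate.Thumbprint }
if ($cert -and $roots -notcontains $cert.Thumbprint) {
    $problems += "Token-signing cert is not registered with New-SPTrustedRootAuthority."
}

if ($problems.Count -eq 0) { "Issuer '$issuerName' passes all checks." }
else { $problems | ForEach-Object { "FAIL: $_" } }
```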

Configure the ADFS relying party trust

Choose manual configuration.

Select the SharePoint trust.

Edit Claim Rules

Configure the SharePoint site

References

http://technet.microsoft.com/en-us/library/hh305235.aspx