Configuring SharePoint to use ADFS

1. If the web application is not yet using claims-based authentication, switch it to claims mode (the conversion from classic mode is one-way)

$wpp = Get-SPWebApplication <URL>

$wpp.UseClaimsAuthentication = $true   # boolean property; classic mode cannot be restored afterwards

$wpp.Update()

$wpp.MigrateUsers($true)               # convert the existing Windows accounts to claims identities

2. Configure an SSL certificate for the web application

In IIS Manager, open Server Certificates and create a domain certificate. Its subject must match the https host name of the site, and that same name must be used in the alternate access mapping and, later, in the relying party trust.

[screenshot]

3. Configure alternate access mappings on the SharePoint server. The public URL of the Default zone must be the https URL that matches the certificate, because that is the URL SharePoint will send to ADFS as the return address.

[screenshot]
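The three preparation steps above done from the SharePoint Management Shell instead of the IIS and Central Administration UI. This is an added example, not code from the original post; the web application URL, the IIS site name and the certificate subject are assumptions and must be replaced with the real values.

```powershell
# Added example (not from the original post): steps 1-3 from the shell.
# Assumed values: web application URLs, IIS site name, certificate subject.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

$webAppUrl   = "http://sp.contoso.local"     # assumption: current (http) Default-zone URL
$publicUrl   = "https://sp.contoso.local"    # assumption: https URL users and ADFS will see
$iisSite     = "SharePoint - 80"             # assumption: IIS site backing the web application
$certSubject = "CN=sp.contoso.local"         # assumption: subject of the domain certificate

# Step 1: the web application must already be in claims mode. The classic-to-claims
# switch is one-way, so stop here rather than flip it as a side effect.
$wa = Get-SPWebApplication $webAppUrl
if (-not $wa.UseClaimsAuthentication) {
    throw "Web application $webAppUrl is in classic mode; convert it to claims first."
}

# Step 2: pick the newest certificate with a private key for the site name and
# bind it to port 443 on the IIS site.
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $certSubject -and $_.HasPrivateKey } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for $certSubject in LocalMachine\My" }

if (-not (Get-WebBinding -Name $iisSite -Protocol https -Port 443)) {
    New-WebBinding -Name $iisSite -Protocol https -Port 443
}
# The SslBindings provider maps IP!port to a certificate; -Force replaces an older binding.
New-Item -Path "IIS:\SslBindings\0.0.0.0!443" -Value $cert -Force | Out-Null

# Step 3: make the https URL the public URL of the Default zone and keep the old
# http URL reachable as an internal URL of the same zone.
Set-SPAlternateURL -Identity $webAppUrl -Url $publicUrl
New-SPAlternateURL -Url $webAppUrl -WebApplication $wa -Zone Default -Internal -ErrorAction SilentlyContinue

# Show the resulting mappings for a visual check.
Get-SPAlternateURL -WebApplication $wa | Select-Object IncomingUrl, PublicUrl, Zone
```

The script refuses to run against a classic-mode web application on purpose: converting to claims is irreversible, so that decision belongs in step 1, not in a helper that is mainly about certificates and URLs.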

4. Install ADFS 2.0

[screenshot]

5. Run the ADFS 2.0 Federation Server Configuration Wizard

[screenshots]

6. Configure ADFS: install and export the ADFS certificates

[screenshot]

Step 1 - Install the token-signing certificate into the local Trusted Root store on the ADFS server

[screenshots]

Step 2 - Export the token-signing certificate (public key only, as a .cer file). SharePoint validates every token it receives against this certificate, so when ADFS rolls the token-signing certificate over (automatic when self-signed certificates are used), the new certificate has to be imported on the SharePoint side again, for example with Set-SPTrustedIdentityTokenIssuer -ImportTrustCertificate, or sign-in stops working.

[screenshots]

Step 3 - Grab the Web Cert for ADFS as well

While we are here, let's also export the ADFS web (SSL) certificate, because we will need it too. This certificate is in the Personal store of the ADFS server. SharePoint does not rely on the Windows certificate store when it validates the SSL chain of the ADFS endpoint; it keeps its own trust store, which is why this certificate is registered with New-SPTrustedRootAuthority in Step 4.

[screenshot]

This is the critical step, and it has to be carried out on the SharePoint server.

Step 4 - Install the certificates into the Trusted Root store of the SharePoint server

Import the two certificates that were just exported (the token-signing certificate and the ADFS web certificate).

[screenshot]

Create the SharePoint trusted identity provider

$certPath = "C:\Certificates\TokenSigningCert.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("$certPath")
# Register the token-signing certificate as a trusted root before creating the
# issuer; otherwise the certificate chain is not trusted and the next step fails.
New-SPTrustedRootAuthority "Contoso ADFS Token Signing Trusted Root Authority" -Certificate $cert

# Claim types issued by ADFS; SharePoint keeps them unchanged (-SameAsIncoming).
$emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$roleClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming
$sidClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid" -IncomingClaimTypeDisplayName "SID" -SameAsIncoming

# The realm is the relying party identifier; the ADFS trust must use exactly this string.
$realm = "urn:" + $env:ComputerName + ":adfs"
# Passive sign-in endpoint of the ADFS server
$signinurl = "https://xxx/adfs/ls/"
# The e-mail address is the identifier claim, i.e. the user's login name in SharePoint.
$ap = New-SPTrustedIdentityTokenIssuer -Name "ADFS20Server" -Description "ADFS 2.0 Federated Server" -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $emailClaimMap,$upnClaimMap,$roleClaimMap,$sidClaimMap -SignInUrl $signinurl -IdentifierClaim $emailClaimMap.InputClaimType

# SharePoint has its own SSL trust store, so the ADFS web server certificate is added as well.
$certPath = "C:\Certificates\ADFSWebCert.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("$certPath")
New-SPTrustedRootAuthority "DSDContosoDC web server" -Certificate $cert

Configure the ADFS relying party trust

[screenshot]

Choose manual configuration (enter data about the relying party manually).

[screenshot]

Set up the trust for SharePoint: enable the WS-Federation passive protocol with the https URL of the SharePoint site followed by /_trust/ as the endpoint, and add the realm created on the SharePoint side (urn:<SharePoint computer name>:adfs) as the relying party identifier. The two strings must match exactly, or ADFS rejects the sign-in request.

[screenshot]

Edit Claim Rules. The rules must issue the four claim types mapped on the SharePoint side (e-mail address, UPN, role and primary SID). Because the e-mail address is the identifier claim, a user whose AD account has no mail attribute cannot sign in.

[screenshots]
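The relying party trust and claim rules from the two sections above, created with the ADFS 2.0 PowerShell snap-in instead of the wizard. This is an added example, not code from the original post; the SharePoint URL and the SharePoint computer name inside the realm are assumptions. It also shows two settings the wizard hides on the Advanced and Encryption tabs: the signature algorithm must be SHA-1 for SharePoint 2010, and no encryption certificate is set because SharePoint 2010 cannot decrypt encrypted tokens.

```powershell
# Added example (not from the original post): run on the ADFS 2.0 server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$spSite    = "https://sp.contoso.local"   # assumption: public https URL of the SharePoint site
$realm     = "urn:SPSERVER:adfs"          # assumption: must equal "urn:" + SharePoint computer name + ":adfs"
$trustName = "SharePoint"                 # assumption: display name of the trust

# Issuance transform rules in the ADFS claim rule language: one "Send LDAP attributes
# as claims" rule for e-mail, UPN and role, and one pass-through rule for the primary SID.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "AD attributes to SharePoint claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query = ";mail,userPrincipalName,tokenGroups;{0}", param = c.Value);

@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through primary SID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
 => issue(claim = c);
'@

# Issuance authorization rule: permit every authenticated user. Tighten this
# (for example, permit only a specific group SID) if not everyone may reach the site.
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Recreate the trust idempotently so the script can be re-run after a change.
if (Get-ADFSRelyingPartyTrust -Name $trustName) {
    Remove-ADFSRelyingPartyTrust -TargetName $trustName
}

Add-ADFSRelyingPartyTrust -Name $trustName `
    -Identifier $realm `
    -WSFedEndpoint "$spSite/_trust/" `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authzRules `
    -SignatureAlgorithm "http://www.w3.org/2000/09/xmldsig#rsa-sha1"   # SharePoint 2010 requires SHA-1 signatures
# No -EncryptionCertificate: SharePoint 2010 cannot decrypt encrypted SAML tokens.

# Verify what ADFS will use when it answers SharePoint's sign-in request.
Get-ADFSRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, WSFedEndpoint, SignatureAlgorithm, Enabled
```

The identifier and the WS-Federation endpoint are the two values most often mistyped: the identifier must be byte-for-byte the realm from New-SPTrustedIdentityTokenIssuer, and the endpoint must use the https public URL of the site, with the trailing /_trust/.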

Configure the SharePoint site to use the trusted identity provider

[screenshot]
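The last step from the shell: enabling the trusted identity provider on the web application's Default zone and granting an ADFS identity a web application policy so that someone can actually log in and administer the site. This is an added example, not code from the original post; the web application URL and the administrator's e-mail address are assumptions, while the provider name ADFS20Server is the one created earlier in this post.

```powershell
# Added example (not from the original post): run on the SharePoint server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl  = "https://sp.contoso.local"   # assumption: public https URL of the web application
$issuerName = "ADFS20Server"               # name used in New-SPTrustedIdentityTokenIssuer above
$adminEmail = "admin@contoso.local"        # assumption: e-mail (identifier claim) of the first admin

$wa = Get-SPWebApplication $webAppUrl
$ap = Get-SPTrustedIdentityTokenIssuer $issuerName

# Keep Windows authentication on the Default zone next to ADFS, so service accounts,
# search crawling and the existing Windows users keep working while ADFS is rolled out.
$winAp = New-SPAuthenticationProvider   # Windows (NTLM) claims provider
Set-SPWebApplication -Identity $wa -Zone Default -AuthenticationProvider $winAp, $ap

# Build a claims principal for the ADFS identity. The value must be the identifier
# claim (the e-mail address), exactly as ADFS will issue it.
$principal = New-SPClaimsPrincipal -Identity $adminEmail -TrustedIdentityTokenIssuer $ap
$encoded   = $principal.ToEncodedString()     # i:05.t|adfs20server|admin@contoso.local

# Web application policy: Full Control for that identity, independent of site permissions.
$policy = $wa.Policies.Add($encoded, "ADFS administrator")
$policy.PolicyRoleBindings.Add(
    $wa.PolicyRoles.GetSpecialRole([Microsoft.SharePoint.Administration.SPPolicyRoleType]::FullControl))
$wa.Update()

# Verify: which providers are active on the Default zone, and what the policy looks like.
$zone = [Microsoft.SharePoint.Administration.SPUrlZone]::Default
$wa.IisSettings[$zone].ClaimsAuthenticationProviders | Select-Object DisplayName
$wa.Policies | Where-Object { $_.UserName -eq $encoded } | Select-Object UserName, DisplayName
```

Granting the policy by encoded claim rather than through the people picker avoids the usual first-login problem: the people picker cannot resolve ADFS users against AD, so the claim value has to be typed exactly, and a policy created from a typo silently grants nothing.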

References

http://technet.microsoft.com/en-us/library/hh305235.aspx

Original post: https://www.cnblogs.com/frankzye/p/3166733.html