SharePoint Hybrid Single Sign-On: Azure Access Control Service (ACS) and S2S Authentication Trust

04/01 10:53

Azure Access Control Service (ACS) and the authentication procedure

S2S trust with ACS.

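For SharePoint hybrid trust authentication, a server-to-server (S2S) trust has to be created on the server. This is a three-party trust between SharePoint, SharePoint Online and Azure AD.

Note that "SharePoint" here means SharePoint on-premises.

The steps are as follows: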

1. An S2S trust relationship needs to be created.

2. The trust is between the SharePoint on-premises farm, SharePoint Online and Azure AD.

3. SPO uses Azure AD as a trusted token signing service.

4. S2S auth configuration is done through the hybrid picker wizard.

5. S2S auth can also be configured via PowerShell.

  • Required for:
  • Hybrid Search
  • Hybrid BCS
  • Hybrid sites features
  • Hybrid taxonomy (preview)

The list above mentions Hybrid Search. What is this feature?

1. Hybrid Search

  • The S2S trust is an important prerequisite for hybrid search.
  • Users can query the SharePoint Online index from on-premises.
  • Users can query on-premises content from within SharePoint Online.

Put plainly, those last two points mean that users can search the SharePoint Online farm from the on-premises version and, the other way round, search the on-premises farm from Online.

2. Search Queries

  • The search request is sent with the user's UPN.
  • The UPN is used to look up the identity of the user in the SPO user profile store.
  • If a match is found, the user identity is regenerated in the cloud.
  • That identity is used to perform security trimming of the search results.

Certificates are very important here, so a brief explanation: SharePoint already has a certificate. It is used here for the STS, that is, it is the security token service certificate.

  • SharePoint on-premises has its own self-signed certificates.
  • It validates incoming tokens.
  • In hybrid, Azure AD is the trusted token signing service for SPO.
  • It uses the SP on-premises STS certificate as the signing certificate.
  • Use your existing SharePoint on-premises STS certificate.
  • Or create your own certificate.
  • It can be self-signed.
  • Do not reuse the certificate.

How to configure the S2S trust:

Post Install:

After the S2S trust,

  • Security tokens issued by Azure AD are trusted by SharePoint Online and on-premises.
  • SharePoint Online is registered as a high-trust application in SharePoint on-premises.
  • Users are granted access based on security tokens.
  • Tokens are used by authentication services in both online and on-prem.
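
A read-only check of the on-premises side of this trust, added here as an example and not taken from the original post: it reports the STS signing certificate and every trusted token issuer registered in the farm, flagging expired, soon-to-expire and self-signed certificates. The helper name `Get-CertFinding` and the 60-day `$WarnDays` window are assumptions; run it in the SharePoint Management Shell on a farm server.

```powershell
# Added example: audits the certificates the S2S trust depends on. Makes no changes.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WarnDays = 60   # assumption: renewal warning window, adjust to local policy

# Hypothetical helper: turns one certificate into one report row.
function Get-CertFinding {
    param(
        [string]$Role,
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $notes = @()
    if ($null -eq $Cert) {
        $notes += 'no signing certificate set'
    } else {
        $daysLeft = [math]::Floor(($Cert.NotAfter - (Get-Date)).TotalDays)
        if ($daysLeft -lt 0)             { $notes += 'EXPIRED' }
        elseif ($daysLeft -lt $WarnDays) { $notes += "expires in $daysLeft days" }
        if ($Cert.Subject -eq $Cert.Issuer) { $notes += 'self-signed' }
    }
    if ($notes.Count -eq 0) { $notes += 'ok' }
    [pscustomobject]@{
        Role       = $Role
        Subject    = if ($Cert) { $Cert.Subject }    else { $null }
        Thumbprint = if ($Cert) { $Cert.Thumbprint } else { $null }
        NotAfter   = if ($Cert) { $Cert.NotAfter }   else { $null }
        Finding    = $notes -join '; '
    }
}

# 1. The local STS signing certificate (the one used as the signing certificate in hybrid).
$sts    = Get-SPSecurityTokenServiceConfig
$report = @(Get-CertFinding -Role 'Local STS' -Cert $sts.LocalLoginProvider.SigningCertificate)

# 2. Every token issuer the farm trusts; unexpected entries deserve a closer look.
foreach ($issuer in (Get-SPTrustedSecurityTokenIssuer)) {
    $report += Get-CertFinding -Role "Trusted issuer: $($issuer.Name)" -Cert $issuer.SigningCertificate
}

# 3. The farm's authentication realm, for comparison with the tenant it is meant to trust.
"Authentication realm: $(Get-SPAuthenticationRealm)"
$report | Format-Table -AutoSize -Wrap
```

A self-signed finding on the local STS row is expected, since the certificate can be self-signed; an expired or soon-to-expire one is what breaks token validation for the hybrid features.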

In short, SP, SPO and S2S are very important in a hybrid deployment, and they integrate seamlessly.
