Azure访问控制服务(ACS)与认证具体操作
S2S trust with ACS.
在SharePoint 混合信任认证时,需要在服务器上创建S2S信任。也就是三方信任。SharePoint, SharePoint online 和Azsure AD。
也顺便提一下,这里说的SharePoint 是 SharePoint on-premise.
操作步骤如下,
1,S2S Trust relationship needs to be created.
2,Trust between SharePoint on-premises farm,SharePoint online and Azure AD
3, SPO uses Azure AD as a trusted token singing service.
4, S2S auth configuration done through the hybrid picker wizard.
5, S2S auth can be configuraed via powershell
- required for -
- Hybried Search
- Hybrid BCS
- Hybrid sites features
- Hybrid taxonomy(preview)
上面内容提到混合搜索,Hybried Search,这个功能是什么那?
1,Hybrid Search
- important prerequisite for hybrid search.
- Users can query SharePoint Online index from on-premises.
- Users can query on-premises content from within SharePoint online.
上面这两句废话是,用户可以使用本地版查找Sharepoint online 场,反过来也一样,可以使用online 查找本地服务器场。
2, Search Queries
- Search Request is sent with users UPN.
- UPN is used to look up identity of the user in SPO user profile store.
- If match found, user identity is regenerated in the cloud.
- used to perform security trimming of search results.
证书,这里很重要,我简单解释一下,在SharePoint 已经有一个证书了。这里被当作STS 使用,是一个安全令牌的服务证书。
- SharePoint on-premises has its own self signed certs.
- Validates incoming tokens.
- In hybrid, Azure AD is trusted token signing service for SPO.
- Uses SP on-premises STS certificate as the signing certificate.
- Use your existing SharePoint on-premises STS certificate.
- Or create your own ertificate.
- Can be self signed.
- Do not reuse the certificate.
配置S2S 信任方法:
Post Install:
after the S2S trust,
- Security tokens issued by Azure AD are trusted by SharePoint Online and on-premises.
- SharePoint online registered as a high-trust application in sharePoint on-premises.
- Users are granted access based on security tokens.
- Tokens are used by authentication services in both online and on-prem
总之,SP,SPO 和S2S,在混合使用非常重要,也是无缝集成的,