https://sharepoint.stackexchange.com//questions/46608
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
我想知道设置外联网的必要配置是什么,我发现了一大款文章,提供了对公式如何运作的很少的法律,但没有什么能够链接所有组件...
如果我在我公司外部的一个农场防火墙,我认为我需要从我研究的内容中得到以下内容......我错过了什么?目标是使合作伙伴能够访问具有Live ID的内容,以及允许内部用户与其公司域帐户登录的AbiGriy?这样他们就可以合作。
我需要创建基于索赔的Web应用程序来托管团队站点。 我需要一些如何与我的域管理员合作,使其使用Active Directory联合服务,这样我可以利用Live ID。 我读过,使用像Forefront这样的统一访问网关也是最好的。
在那一点应该有效吗?我可能错过了很多小豆,但我希望有人可以填补空白,让我更好地了解它将如何工作。
解决方案
for that scenario you have two options:
- First option: SharePoint trusting LiveID and ADFS
- Second option: SharePoint trusting Windows Azure Access Control Service (ACS) and ACS trusting LiveID or ADFS.
First option
Configure claims-based authentication using Windows Live ID (SharePoint Server 2010)
Configure authentication using a SAML security token (SharePoint Server 2010)
Second option
Personally, I like the second option since SharePoint is not friendly at all to manage those trust relationships (you can see from the tutorials). By using a "trust hub" you are also open to more options and keep the "trust policies" and claim transformation in a single place.
Also take into account that LiveID won't give you the email address of the user as a claim, it will give you just an opaque identifier that will be kept across logins, but you won't be able to configure in the people picker permissions for "john@live.com". You can only grant permissions to "all live id users". You might want to consider using Google which will give you the email if you have that scenario.
Finally, if you want an even simpler setup you can evaluate auth10.com which uses Windows Azure ACS beneath and will simplify both the setup and the management of those rules. Here are a couple of screencasts:
- Configuring SharePoint 2010 to accept Google identities
- Configuring SharePoint 2010 to accept Active Directory users through ADFS
Full disclosure: I am a founder at auth10.
