
SharePoint on-premises with AAD O365

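Enter "SharePoint".

Once inside, select Single sign-on.

Once there, copy the sign-in URL; it is needed later during configuration.

Download the certificate; it is used to verify the signature: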


Run the following commands in the SharePoint PowerShell:

```powershell
# Realm and the sign-in URL copied from the single sign-on page
$realm = "urn:sharepoint:federation"
$wsfedurl = "https://login.microsoftonline.com/4f7437a6-3d76-4122-a907-624d965ba139/wsfed"

# Load the downloaded signing certificate and register it as a trusted root authority
$filepath = "C:\PublicCertificate.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($filepath)
New-SPTrustedRootAuthority -Name "AzureAD" -Certificate $cert

# Claim mappings: the incoming "name" claim is mapped to the local UPN claim, the others are passed through unchanged
$map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" -IncomingClaimTypeDisplayName "name" -LocalClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
$map2 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" -IncomingClaimTypeDisplayName "GivenName" -SameAsIncoming
$map3 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" -IncomingClaimTypeDisplayName "SurName" -SameAsIncoming
$map4 = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming

# Create the trusted identity token issuer that validates tokens signed with $cert
$ap = New-SPTrustedIdentityTokenIssuer -Name "AzureAD" -Description "SharePoint secured by Azure AD" -realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map,$map2,$map3,$map4 -SignInUrl $wsfedurl -IdentifierClaim "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
```

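If the configuration is wrong, two commands remove what was just configured:

```powershell
Remove-SPTrustedIdentityTokenIssuer "AzureAD"
Remove-SPTrustedRootAuthority "AzureAD"
```

The first removes the trusted party (the trusted identity token issuer), the second removes the trusted certificate.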
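To see which part of the trust is wrong before removing anything, the registered values can be compared with the ones used in the commands above. This check is an added example, not part of the original post; `$expectedThumbprint` is a placeholder for the thumbprint shown on the identity provider side, and the 30-day expiry window is an assumption.

```powershell
# Added example: audit the "AzureAD" trust created above (run in the SharePoint PowerShell).
$issuerName         = "AzureAD"
$filepath           = "C:\PublicCertificate.cer"
$expectedRealm      = "urn:sharepoint:federation"
$expectedIdClaim    = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
$expectedThumbprint = "<THUMBPRINT-SHOWN-BY-YOUR-IDENTITY-PROVIDER>"  # placeholder, replace
$warnDays           = 30                                              # assumed expiry warning window

$fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($filepath)
$issuer   = Get-SPTrustedIdentityTokenIssuer -Identity $issuerName -ErrorAction Stop
$root     = Get-SPTrustedRootAuthority -Identity $issuerName -ErrorAction Stop
$now      = Get-Date

# Thumbprints are often copied with spaces or colons; keep hex digits only before comparing.
$wanted = $expectedThumbprint -replace '[^0-9A-Fa-f]', ''

$checks = [ordered]@{
    "Downloaded file has the expected thumbprint"  = ($fileCert.Thumbprint -eq $wanted)
    "Token issuer signs with the downloaded cert"  = ($issuer.SigningCertificate.Thumbprint -eq $fileCert.Thumbprint)
    "Root authority holds the downloaded cert"     = ($root.Certificate.Thumbprint -eq $fileCert.Thumbprint)
    "Certificate is already valid"                 = ($fileCert.NotBefore -le $now)
    "Certificate valid for at least $warnDays days" = ($fileCert.NotAfter -gt $now.AddDays($warnDays))
    "Realm matches"                                = ($issuer.DefaultProviderRealm -eq $expectedRealm)
    "Sign-in URL uses https"                       = ($issuer.ProviderUri.Scheme -eq "https")
    "Sign-in URL host is login.microsoftonline.com" = ($issuer.ProviderUri.Host -eq "login.microsoftonline.com")
    "Identifier claim is the incoming name claim"  = ($issuer.IdentityClaimTypeInformation.InputClaimType -eq $expectedIdClaim)
}

# Print one line per check and count the failures.
$failed = 0
foreach ($name in $checks.Keys) {
    if ($checks[$name]) { Write-Host "PASS  $name" }
    else                { Write-Host "FAIL  $name" -ForegroundColor Red; $failed++ }
}

# Show every claim mapping so an unexpected incoming or local claim type stands out.
$issuer.ClaimTypeInformation |
    Select-Object DisplayName, InputClaimType, MappedClaimType |
    Format-Table -AutoSize

Write-Host "Sign-in URL: $($issuer.ProviderUri)"
Write-Host "Signing certificate expires: $($fileCert.NotAfter)"
if ($failed -gt 0) { Write-Warning "$failed check(s) failed for trusted issuer '$issuerName'." }
```

A thumbprint mismatch means SharePoint would validate tokens against a certificate other than the one you intended to trust, so resolve it before enabling the provider on a web application.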

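Once that is done, open SharePoint Central Administration and select AAD.

That completes the configuration; open the SharePoint site.

Configuration complete.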