Review AD FS terminology

Applies to: Windows Intune

Note

This topic provides online help content that applies to multiple Microsoft cloud services, including Windows Intune and Office 365.

Before you begin using this content to deploy AD FS for single sign-on to the cloud service, we recommend that you first read about AD FS terms that are used throughout this article.

AD FS term Definition

AD FS configuration database

A database used to store all configuration data that represents a single AD FS instance or Federation Service. This configuration data can be stored using the Windows Internal Database (WID) feature included with Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 or using a Microsoft SQL Server database.

Claim

A statement that one subject makes about itself or another subject. For example, the statement can be about a name, email, group, privilege, or capability. Claims have a provider that issues them (in this case the Microsoft cloud service customer) and they are given one or more values. They are also defined by a claim value type and, possibly, associated metadata.

Federation Service

A logical instance of AD FS. A Federation Service can be deployed as a standalone federation server or as a load-balanced federation server farm. The name of the Federation Service defaults to the subject name of the SSL certificate. The DNS name of the Federation Service must be used in the Subject name of the Secure Sockets Layer (SSL) certificate.

Federation server

A computer running Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 that has been configured to act in the federation server role for AD FS. A federation server serves as part of a Federation Service that can issue, manage, and validate requests for security tokens and identity management. Security tokens consist of a collection of claims, such as a user's name or role.

Federation server farm

Two or more federation servers in the same network that are configured to act as one Federation Service instance.

Federation server proxy

A computer running Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 that has been configured to act as an intermediary proxy service between a client on the Internet and a Federation Service that is located behind a firewall on a corporate network. In order to allow remote access to the cloud service, such as from a smart phone, home computer, or Internet kiosk, you need to deploy a federation server proxy.

Relying party

A Federation Service or application that consumes claims in a particular transaction.

Relying party trust

In the AD FS Management snap-in, a relying party trust is a trust object that is created to maintain the relationship with another Federation Service, application, or service (in this case the Windows Azure Active Directory service) that consumes claims from your organization’s Federation Service.

Network load balancer

A dedicated application (such as Network Load Balancing) or hardware device (such as a multilayer switch) used to provide fault tolerance, high availability, and load balancing across multiple nodes. For AD FS, the cluster DNS name that you create using this NLB must match the Federation Service name that you specified when you deployed your first federation server in your farm.

Next step

Now that you have reviewed AD FS terminology, the next step is to Plan your AD FS deployment.

See also

Concepts

Implementing and managing single sign-on with AD FS 2.0