Set-SPSecurityTokenServiceConfig
更新 SharePoint 安全性權杖服務 (STS) 身分識別提供者的設定。
Syntax
Set-SPSecurityTokenServiceConfig
-QueueSigningCertificateThumbprint <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-QueueSigningCertificateStoreName <String>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
-RevokeSigningCertificateThumbprint <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-RevokeSigningCertificateStoreName <String>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
-SigningCertificateThumbprint <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-SigningCertificateStoreName <String>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[-QueueSigningCertificateThumbprint <String>]
[-QueueSigningCertificateStoreName <String>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-ImportSigningCertificate <X509Certificate2>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-QueueSigningCertificate <X509Certificate2>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Set-SPSecurityTokenServiceConfig
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-RevokeSigningCertificate <X509Certificate2>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>] Description
此 Cmdlet 包含一個以上的參數集。 您可能只會使用到一個參數集中的參數,而且您無法合併不同參數集中的參數。 如需如何使用參數集的詳細資訊,請參閱 Cmdlet 參數集。
此 Set-SPSecurityTokenServiceConfig Cmdlet 會更新 SHAREPoint 安全性權杖服務 (STS) 識別提供者的設定。
如果使用憑證檔案,憑證必須是具有私密金鑰的 X509 憑證,否則會引發例外狀況。
此 Cmdlet 只適用於可以匯出的憑證。 若要建立可以用於此 Cmdlet 的憑證,請在 x509Certificate2 物件建構函式的 keyStorageFlags 參數中,指定 X509KeyStorageFlags.Exportable 位元。
如需適用於 SharePoint 產品的 Windows PowerShell 權限及最新資訊,請參閱線上文件 SharePoint Server Cmdlet。
範例
--------------------範例 1---------------------
Set-SPSecurityTokenServiceConfig -SigningCertificateThumbprint "2796BAE63F1801E277261BA0D77770028F20EEE4"這個範例會利用已部署於憑證存放區的憑證來更新 SharePoint 安全性權杖服務 (STS) 身分識別提供者的簽署憑證。
--------------------範例 2---------------------
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "c:\sts.pfx","a",20
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert這個範例會匯入 SharePoint STS 身分識別提供者的簽署憑證。
參數
-AssignmentCollection
管理物件以適當處置它們。 使用 SPWeb 或 SPSite 等物件可能會耗用大量的記憶體,因此在 Windows PowerShell 指令碼中使用這些物件時,必須適當地管理記憶體。 您可以使用 SPAssignment 物件將物件指派給變數,並在不需要時處置這些物件,以釋放記憶體。 使用 SPWeb、SPSite 或 SPSiteAdministration 物件時,若未使用指派集合或 Global 參數,將會自動處置這些物件。
使用 Global 參數時,所有物件會包含在全域儲存區內。
如果不立即使用物件,或使用 Stop-SPAssignment 命令加以捨棄,則可能會有記憶體不足的狀況發生。
| Type: | SPAssignmentCollection |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-Confirm
在執行命令之前,提示您確認操作。
如需詳細資訊,請輸入下列命令:get-help about_commonparameters。
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-FormsTokenLifetime
指定發行給 ASP.NET 成員提供者與角色提供者之權杖的到期時間 (以分鐘為單位)。 預設值為 1380。
此類型必須是有效的整數。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-ImportSigningCertificate
指定來自受信任驗證提供者伺服器陣列的 X.509 憑證物件。
此類型必須是有效的 X.509 憑證名稱,例如 Certificate1。
| Type: | X509Certificate2 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-MaxLogonTokenCacheItems
指定記憶體內登入權杖快取的記錄數量上限。 預設值為 250 個專案。
此類型必須是有效的整數。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-MaxServiceTokenCacheItems
指定記憶體內服務權杖快取的記錄數量上限。 預設值為 250 個專案。
此類型必須是有效的整數。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-QueueSigningCertificate
將所提供的憑證設定為已排入佇列的簽署憑證。
| Type: | X509Certificate2 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-QueueSigningCertificateStoreName
依憑證指紋查看要設定為已排入佇列之簽署憑證的憑證時所要搜尋的存放區。 若已指定 QueueSigningCertificateThumbprint 則為必要。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-QueueSigningCertificateThumbprint
將已提供指紋的憑證設定為已排入佇列的簽署憑證。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-RevokeSigningCertificate
撤銷符合所提供憑證的簽署憑證。
| Type: | X509Certificate2 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-RevokeSigningCertificateStoreName
依憑證指紋查看要撤銷的憑證時所要搜尋的存放區。 若已指定 QueueSigningCertificateThumbprint 則為必要。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-RevokeSigningCertificateThumbprint
使用提供的指紋撤銷簽署憑證。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-ServiceTokenCacheExpirationWindow
指定自動更新快取中權杖的間隔 (以分鐘為單位)。 預設值為 2 分鐘。
此類型必須是有效的整數。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-ServiceTokenLifetime
指定安全性權杖服務快取的到期時間 (以分鐘為單位)。 預設值為 15 分鐘。
此類型必須是有效的整數。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-SigningCertificateStoreName
指定簽署憑證所在的憑證存放區。 身分證別的身分識別存放區可以是 SQL 資料庫資料表、Active Directory Domain Services (AD DS) 或 Active Directory Lightweight Directory Service (AD LDS)。
此類型必須是簽署憑證存放區的有效身分識別,例如 IdentityStore1。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-SigningCertificateThumbprint
指定簽署憑證的指紋。
類型必須是簽署憑證的有效身分識別,例如 2796BAE63F1801E277261BA0D77770028F20EEE4。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-WhatIf
顯示訊息會描述命令的功效而不執行命令。
如需詳細資訊,請輸入下列命令:get-help about_commonparameters。
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |
-WindowsTokenLifetime
指定發行給 Windows 使用之權杖的到期時間 (以分鐘為單位)。 預設值為 1380 分鐘。
此類型必須是有效的整數。
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Applies to: | SharePoint Server Subscription Edition |