Set-SPSecurityTokenServiceConfig
Updates the settings of the SharePoint security token service (STS) identity provider.
Syntax
Set-SPSecurityTokenServiceConfig
-QueueSigningCertificateThumbprint <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-QueueSigningCertificateStoreName <String>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>]
Set-SPSecurityTokenServiceConfig
-RevokeSigningCertificateThumbprint <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-RevokeSigningCertificateStoreName <String>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>]
Set-SPSecurityTokenServiceConfig
-SigningCertificateThumbprint <String>
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-SigningCertificateStoreName <String>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[-QueueSigningCertificateThumbprint <String>]
[-QueueSigningCertificateStoreName <String>]
[<CommonParameters>]
Set-SPSecurityTokenServiceConfig
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-ImportSigningCertificate <X509Certificate2>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>]
Set-SPSecurityTokenServiceConfig
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-QueueSigningCertificate <X509Certificate2>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>]
Set-SPSecurityTokenServiceConfig
[-AssignmentCollection <SPAssignmentCollection>]
[-Confirm]
[-FormsTokenLifetime <Int32>]
[-MaxLogonTokenCacheItems <Int32>]
[-MaxServiceTokenCacheItems <Int32>]
[-RevokeSigningCertificate <X509Certificate2>]
[-ServiceTokenCacheExpirationWindow <Int32>]
[-ServiceTokenLifetime <Int32>]
[-WhatIf]
[-WindowsTokenLifetime <Int32>]
[<CommonParameters>]
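Description
This cmdlet contains more than one parameter set. You may only use parameters from one parameter set, and you may not combine parameters from different parameter sets. For more information about how to use parameter sets, see Cmdlet Parameter Sets.
The Set-SPSecurityTokenServiceConfig cmdlet updates the settings of the SharePoint security token service (STS) identity provider.
If a certificate file is used, the certificate must be an X509 certificate with a private key; otherwise, an exception is raised.
This cmdlet only works with exportable certificates. To create a certificate that can be used with this cmdlet, specify the X509KeyStorageFlags.Exportable bit in the keyStorageFlags parameter of the X509Certificate2 object constructor.
For permissions and the most current information about Windows PowerShell for SharePoint Products, see SharePoint Server cmdlets.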
Examples
--------------------Example 1---------------------
Set-SPSecurityTokenServiceConfig -SigningCertificateThumbprint "2796BAE63F1801E277261BA0D77770028F20EEE4"
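This example updates the signing certificate of the SharePoint security token service (STS) identity provider with a certificate that has already been deployed to the certificate store.
--------------------Example 2---------------------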
$stsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "c:\sts.pfx","a",20
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert
This example imports the signing certificate for the SharePoint STS identity provider.
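The following is an added example, not part of the original documentation: it checks the private-key and exportability requirements stated in the description before calling the cmdlet with -ImportSigningCertificate, and prompts for the PFX password instead of embedding it in the script. The path C:\certs\sts.pfx and the function name Test-StsSigningCertificate are hypothetical; the validity-period check is an extra sanity check that this page does not require.

```powershell
# Added example. Test-StsSigningCertificate and C:\certs\sts.pfx are hypothetical names.
function Test-StsSigningCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $PfxPath,
        [Parameter(Mandatory = $true)] [System.Security.SecureString] $PfxPassword
    )

    # Exportable (4) + PersistKeySet (16) = 20, the numeric value used in the second example above.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags] 'Exportable, PersistKeySet'
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList $PfxPath, $PfxPassword, $flags

    # The cmdlet raises an exception when the certificate has no private key.
    if (-not $cert.HasPrivateKey) {
        throw "No private key found in $PfxPath."
    }

    # Extra sanity check (not required by this page): reject a certificate outside its validity period.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $($cert.Thumbprint) is valid only from $($cert.NotBefore) to $($cert.NotAfter)."
    }

    # Export throws when the private key is not marked exportable; the exported bytes are discarded.
    try {
        $pfxType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
        $null = $cert.Export($pfxType, $PfxPassword)
    }
    catch {
        throw "Private key is not exportable: $($_.Exception.Message)"
    }

    return $cert
}

# Prompt for the password so that it does not appear in the script or in command history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$stsCert = Test-StsSigningCertificate -PfxPath 'C:\certs\sts.pfx' -PfxPassword $pfxPassword
'{0} expires {1:u}' -f $stsCert.Thumbprint, $stsCert.NotAfter

# -WhatIf previews the change without applying it; remove it to perform the import.
Set-SPSecurityTokenServiceConfig -ImportSigningCertificate $stsCert -WhatIf
```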
Parameters
-AssignmentCollection
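Manages objects for the purpose of proper disposal. Objects such as SPWeb or SPSite can use large amounts of memory, and using these objects in Windows PowerShell scripts requires proper memory management. By using the SPAssignment object, you can assign objects to a variable and dispose of them when they are no longer needed, to free up memory. When SPWeb, SPSite, or SPSiteAdministration objects are used, the objects are disposed of automatically if an assignment collection or the Global parameter is not used.
When the Global parameter is used, all objects are contained in the global store.
If objects are not used immediately, or are not disposed of by using the Stop-SPAssignment command, an out-of-memory condition can occur.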
Type: | SPAssignmentCollection |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-Confirm
Prompts you for confirmation before executing the command.
For more information, type the following command: get-help about_commonparameters
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-FormsTokenLifetime
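Specifies the expiration time, in minutes, of tokens issued to ASP.NET membership providers and role providers. The default value is 1380.
The value must be a valid integer.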
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-ImportSigningCertificate
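Specifies the X.509 certificate object from the trusted authentication provider farm.
The value must be the name of a valid X.509 certificate; for example, Certificate1.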
Type: | X509Certificate2 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-MaxLogonTokenCacheItems
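Specifies the maximum number of entries in the in-memory logon token cache. The default value is 250 entries.
The value must be a valid integer.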
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-MaxServiceTokenCacheItems
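Specifies the maximum number of entries in the in-memory service token cache. The default value is 250 entries.
The value must be a valid integer.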
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-QueueSigningCertificate
Sets the provided certificate as the queued signing certificate.
Type: | X509Certificate2 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-QueueSigningCertificateStoreName
The store to search, by thumbprint, when looking for a certificate to set as the queued signing certificate. Required if QueueSigningCertificateThumbprint is specified.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-QueueSigningCertificateThumbprint
Sets the certificate with the provided thumbprint as the queued signing certificate.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-RevokeSigningCertificate
Revokes the signing certificate that matches the provided certificate.
Type: | X509Certificate2 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-RevokeSigningCertificateStoreName
The store to search, by thumbprint, when looking for a certificate to revoke. Required if QueueSigningCertificateThumbprint is specified.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-RevokeSigningCertificateThumbprint
Revokes the signing certificate with the provided thumbprint.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-ServiceTokenCacheExpirationWindow
Specifies the interval, in minutes, at which tokens in the cache are automatically renewed. The default value is 2 minutes.
The value must be a valid integer.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-ServiceTokenLifetime
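Specifies the expiration time, in minutes, of the security token service cache. The default value is 15 minutes.
The value must be a valid integer.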
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-SigningCertificateStoreName
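Specifies the certificate store where the signing certificate resides. The identity store for an identity provider can be a SQL database table, Active Directory Domain Services (AD DS), or Active Directory Lightweight Directory Services (AD LDS).
The value must be a valid identity of a signing certificate store; for example, IdentityStore1.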
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-SigningCertificateThumbprint
Specifies the thumbprint of the signing certificate.
The value must be a valid identity of a signing certificate; for example, 2796BAE63F1801E277261BA0D77770028F20EEE4.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-WhatIf
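Displays a message that describes the effect of the command instead of executing the command.
For more information, type the following command: get-help about_commonparameters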
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |
-WindowsTokenLifetime
Specifies the expiration time, in minutes, of tokens issued to Windows users. The default value is 1380 minutes.
The value must be a valid integer.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Applies to: | SharePoint Server 2010, SharePoint Server 2013, SharePoint Server 2016, SharePoint Server 2019 |