No search results using Trusted Identity Provider

    Question

  • I am using an external IP-STS for users to access SharePoint; however, these users see no search results.  This site is also configured to allow anonymous users (albeit on a separate extended web application), which returns search results for the same query.

    How can search be made to work using the Trusted Identity Provider?  Or is this the result of Search Service not being 'claims aware' and cannot be fixed?

    Thanks in advance

    Thursday, December 02, 2010 9:03 PM

Answers

  • Since you are logging in anonymously on an extended web application, you get to see everything. Why or how you can access these documents is not part of security trimming of search results. The fact is you're accessing SharePoint using a custom claims-based secured token on the one web application, not anonymously; therefore, you probably need to create a custom security trimmer to utilize the token and check access.
    Blog | SharePoint Field Notes Dev Tool | ClassMaster
    Friday, December 03, 2010 2:31 PM

All replies

  • This is an excellent article about custom security trimming development for SP2010. You probably need to develop one to work with your external IP-STS.

    http://msdn.microsoft.com/en-us/magazine/ff796226.aspx


    Blog | SharePoint Field Notes Dev Tool | ClassMaster
    Friday, December 03, 2010 4:08 AM
  • How would a custom security trimmer work if SharePoint has no results to begin with?  SharePoint still gets the first piece of the pie, and if nothing is left the security trimmer has nothing to do.

    Given that the anonymous user has search results, other users should be able to see the same results OOTB, which is not happening.  The search result links from the anonymous search do work when a user from the IP-STS is signed in, so these same items should have appeared when they perform the same search query.

    Friday, December 03, 2010 1:19 PM
  • I am using SharePoint 2013 with my custom identity provider registered, and I am unable to get results for the users who are authenticated with the identity provider.

    When I search, there are no items returned except for one or two accounts whose email ID maps the same as in Active Directory. Can you please help me with that? I am really stuck with it.

    Thank you.

    Wednesday, July 24, 2013 8:08 PM
  • The first thing to verify: does the Search Service Application trust the STS?

    Another thing to try:

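    # Look up the Search Service Application by its display name
    $sa = Get-SPServiceApplication -Name 'Search Service Application Name'

    # Set the ForceClaimACLs property on it
    $sa.SetProperty("ForceClaimACLs",1)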

    Do a full crawl next.

    Warning:  http://support.microsoft.com/kb/2519229 (Do not know if this is fixed in 2013)

    Years ago it was necessary to execute a custom security trimmer, which would take a search result and trim it based upon the user claims.  This also required setting a policy for all users to see content, like the policy set for the crawler account; otherwise there are no results to trim.

    Hope this helps

    Wednesday, July 24, 2013 9:16 PM
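
The steps from the last reply (set ForceClaimACLs, then run a full crawl) as one script. This is an added example, not code from any of the posters; the service application name is a placeholder, and it assumes the SharePoint Management Shell with farm administrator rights.

```powershell
# Added example, not from the thread. Check the KB warning linked in the
# reply above before applying this to a production farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder: replace with the display name of your Search Service Application.
$ssaName = 'Search Service Application Name'
$ssa = Get-SPEnterpriseSearchServiceApplication -Identity $ssaName -ErrorAction Stop

# Informational only: the trusted identity providers registered in the farm.
Get-SPTrustedIdentityTokenIssuer |
    Select-Object Name, ProviderUri |
    Format-Table -AutoSize

# Record the current value first so the change is documented.
try   { $before = $ssa.GetProperty('ForceClaimACLs') }
catch { $before = $null }   # treat a read failure as "not set"
Write-Host "ForceClaimACLs before: '$before'"

if ("$before" -ne '1') {
    $ssa.SetProperty('ForceClaimACLs', 1)
    Write-Host "ForceClaimACLs after:  '$($ssa.GetProperty('ForceClaimACLs'))'"
}

# ACLs are captured in the index at crawl time, so the new setting only
# affects items after a full crawl of each content source.
$sources = @(Get-SPEnterpriseSearchCrawlContentSource -SearchApplication $ssa)
foreach ($cs in $sources) {
    if ($cs.CrawlStatus -eq 'Idle') {
        Write-Host "Starting full crawl: $($cs.Name)"
        $cs.StartFullCrawl()
    }
    else {
        # Do not interrupt a crawl that is already running or paused.
        Write-Warning "Skipped $($cs.Name): crawl status is $($cs.CrawlStatus)"
    }
}
```

Once the crawls finish, repeat the same query as a user from the trusted identity provider and as the anonymous user, and compare the results.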