Claims Authenticated Web Application Site Contents Not Crawling and Indexing on Search Results in SharePoint 2013

Sathish Nadarajan
 
Solution Architect
March 24, 2014
 
Rate this article
 
Views
18711

In this article, let us discuss about a strange behavior of SharePoint 2013 Search.

i.e., The Search Results were not fetching the contents available in Claims Authenticated Web Application. This warning message is shown at the time of modifying the Authentication Provider itself.

clip_image001

But even then, for some security reasons, we are going with the Claims Authentication. At that time, we need our site contents to be crawled and displayed on the Search Results. Let us see a quick work around for this and then feel how easy it is.

Basically, what we are going to do is,

1. Extend the Claims Authenticated Web Application into a Windows Authenticated Web Application.

2. On the Content Source, give the Extended WebApplication as the Source.

3. Create a new mapping on the Server Name Mappings.

Let us how to do these things step by step.

1. Login to other web application and do a trial search. This is to make sure that the search is configured properly.

clip_image003

2. The results are displayed as below.

clip_image005

3. Now go to the claims based site

clip_image007

4. Add a test document.

clip_image009

5. Do a full crawl. Even after a full crawl also, the document will not get listed on the Search Result.

clip_image011

6. Go to Central Administration.

clip_image013

7. Click Manage Web Applicaitons

clip_image015

8. Select the ClaimsBasedSite Webapplicaiton and Extend it.

clip_image017

clip_image018

clip_image019

clip_image020

9. Now, we need to map this web application also to a Certificate. Since this is a ssl enabled web application.

clip_image022

clip_image024

clip_image026

clip_image027

clip_image028

clip_image030

10. Now, we completed the Extension step. Let us go to the Server Name Mappings.

11. Go to Central Administration -> Manage Service Application -> Search Service Application.

clip_image032

12. Click on the Server Name Mappings on the Left Hand Navigation.

clip_image034

13. Select New Mapping.

14. Address for indexing is:  your friendly URL which users accessing

15. Address for display in search results: URL of machine name

16. Reset Indexing data, From search service application

17. Restart the Search Services

18. Run full crawl

19. Search the content

20. Now the content will be displayed properly.

Happy Coding.

Sathish Nadarajan.

Category : Search, SharePoint

Author Info

Sathish Nadarajan
 
Solution Architect
 
Rate this article
 
Sathish is a Microsoft MVP for SharePoint (Office Servers and Services) having 15+ years of experience in Microsoft Technologies. He holds a Masters Degree in Computer Aided Design and Business ...read more
 

How to Provide Custom Attribute as a Claim from ADFS in SharePoint 2013 using PowerShell

Sathish Nadarajan
 
Solution Architect
March 9, 2014
 
Rate this article
 
Views
39754

In the previous article, we saw how to add custom attributes to the Active Directory. In this article, let us see, how to use those attributes as Claims through ADFS. Adding claims to ADFS, already we saw as a part of Configuring ADFS as authentication provider here. Please refer that, if not read already.

To refresh, we added maritalStatus as an attribute on the previous article. On our sharepoint site, we want, this maritalStatus as a Claim after login into the Site.

Now, the steps are

1. Configure the new claims on the ADFS Server.

2. Delete the TrustedIdentityTokenIssuer.

3. Create the SPClaimTypeEncoding for the new claim value

4. Create a new TrustedIdentityTokenIssuer with the new Encoded Claim value

5. Map the SharePoint site to the newly created TrustedIdentityTokenIssuer.

Let us see them one by one.

1. Configure the new claims on the ADFS Server.

We need to Add the claim description. For that, login to the ADFS Server. Open the ADFS management console. By default, the claim description will looks like,

image

Now, we are going to Add our claim Description.

Right click on the Claim Description.

image

Click Add Claim Description.

Enter the values as below.

image

Click OK. The claim Description will get added.

Now, the screen will looks like,

image

Now, we need to add the newly added claim in the Claims Rule of the web application. i.e., the Relying party trust.

Select the Relying Party Trust, Select the web application. Edit Claim rules.

image

image

image

On the LDAP Attributes, we can type as MaritalStatus and on the Outgoing Claim Type, the drop down contains the Claim MaritalStatus, since we added it on the Active Directory. Hence, select that.

Click Ok, and close this screen.

That’s it. We are done with the ADFS Server. Now, move back to our SharePoint Server.

2. Remove the existing TrustedIdentityTokenIssuer.

 Get-SPTrustedIdentityTokenIssuer | where {$_.Name -eq "win2008r2 claims provider"} | Remove-SPTrustedIdentityTokenIssuer

3. Remove the existing TrustedRootAuthority

 Get-SPTrustedRootAuthority | where {$_.Identity -eq "Token Signing Cert ADFSAuthenticatedSite"} | Remove-SPTrustedIdentityTokenIssuer

4. Now, let us re-create everything with encoding.

 Add-PSSnapin "Microsoft.SharePoint.PowerShell"
 
 Get-SPTrustedIdentityTokenIssuer | where {$_.Name -eq "win2008r2 claims provider"} | Remove-SPTrustedIdentityTokenIssuer 
 
 Get-SPTrustedRootAuthority -Identity "Token Signing Cert ADFSAuthenticatedSite" | Remove-SPTrustedIdentityTokenIssuer
 
 
 $a = [char]0x02bc #700 - for Marital Status
 #$b = [char]0x02bd #701 - Incase if we have 2 more Claims needs to be added
 #$c = [char]0x02be #702 - Incase if we have 2 more Claims needs to be added
 
 
 New-SPClaimTypeEncoding -EncodingCharacter $a -ClaimType "http://ss.loc/maritalstatus" -force
 #New-SPClaimTypeEncoding -EncodingCharacter $b -ClaimType "http://dc07.loc/v2/jobtitle" -force - Incase if we have 2 more Claims needs to be added
 #New-SPClaimTypeEncoding -EncodingCharacter $c -ClaimType "http://dc07.loc/v2/application" -force - Incase if we have 2 more Claims needs to be added
 
 
 
 $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("D:WORKCertificatesADFSCert.cer")
 
 New-SPTrustedRootAuthority -Name "Token Signing Cert ADFSAuthenticatedSite" -Certificate $cert
 
 $map = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
 
 $upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
 
 $RoleClaimmap = New-SPClaimTypeMapping -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" -IncomingClaimTypeDisplayName "Role" –SameAsIncoming
 
 $maritalStatusClaimMap = New-SPClaimTypeMapping -IncomingClaimType "http://ss.loc/maritalstatus" -IncomingClaimTypeDisplayName "MaritalStatus" -SameAsIncoming
 
 $realm="urn:sharepoint:sathishserver.ss.loc:20003"
 
 $signInURL="https://Win2008R2/adfs/ls"
 
 $sts = New-SPTrustedIdentityTokenIssuer -Name “win2008r2 claims provider” -Description “My Claims Provider”-realm $realm -ImportTrustCertificate $cert -ClaimsMappings $map,$upnClaimMap,$RoleClaimmap,$maritalStatusClaimMap -SignInUrl $signInURL -IdentifierClaim $map.InputClaimType
 
 $sts 
 

5. Now, map the created TrustedIdentityToken with the web application.

In Central Administration, go to Manage web application and select the web application.

image

Select the Default.

image

On the Edit Authenticaiton screen, we can see the newly created Identity Provider.

image

Select that and click save. On the screen nothing will happen. Let us close this popup and try login to the site collection. It will ask for the ADFS authentication.

That’s it. Now, let us go back to our claims viewer web part. Now, we will be seeing the newly added attribute will be listed as the claim on the screen.image

 

Now, the newly added webpart will show the newly added claim.

 

Happy Coding.

Sathish Nadarajan.

Author Info

Sathish Nadarajan
 
Solution Architect
 
Rate this article
 
Sathish is a Microsoft MVP for SharePoint (Office Servers and Services) having 15+ years of experience in Microsoft Technologies. He holds a Masters Degree in Computer Aided Design and Business ...read more
 

Leave a comment