About this task
After creating a search collection to crawl and index a CBA-enabled SharePoint instance,
you should add and configure the SharePoint Claims Based Authentication Rights function.
Using the SharePoint Claims Based Authentication Rights function will ensure that SharePoint
security is respected at search time.
In the Watson™ Explorer Engine administration tool, do the following:
Procedure
-
Open the live source of your SharePoint CBA-enabled collection.
-
Select the Form tab.
-
Click Add Form.
-
Select the SharePoint Claims Based Authentication Rights function.
Note:
The Rights Function form component is installed during the connector unpacking
procedure.
-
Click Add.
-
If Watson Explorer Engine is configured under a virtual directory different from the
default ("vivisimo"), then edit the Claim Lookup Service URL by copying the default value
proposed under the input text box and modifying the URL as is appropriate.
-
Add the values configured in the SharePoint for SPTrustedIdentityTokenIssuer
in the Trusted Issuer Name Mappings setting. If you are only using ADFS, then the only
entry should be similar to: https://adfs-host-server/adfs/ls|SAML
Provider
Note:
This value can also be obtained using the following SharePoint PowerShell command:
Get-SPTrustedTokenIssuer. The information you are looking for is set to
ProviderUri and to DefaultProviderRealm. Be aware that depending
of the current SharePoint configuration the above power shell command can return
multiple sets of data. Refer to the one that matches your DefaultProviderRealm.
-
Modify Claims assigned to Everyone if you want to add more claims everyone should be
given at search time.
-
Custom Claim Type Encoded Character Mappings are mappings between the URN for a custom
claim type (a claim type not immediately recognized by SharePoint) and the character
SharePoint uses when building the encoded version of the claim. If needed, add the
mappings and use a pipe ("|") to separate the URN from the encoded character.
-
Click OK.