Source and Rights Function Configuration
About this task
After creating a search collection to crawl and index a CBA-enabled SharePoint instance, you should add and configure the SharePoint Claims Based Authentication Rights function. Using the SharePoint Claims Based Authentication Rights function will ensure that SharePoint security is respected at search time.
In the Watson™ Explorer Engine administration tool, do the following:
- Open the live source of your SharePoint CBA-enabled collection.
- Select the Form tab.
- Click Add Form.
Select the SharePoint Claims Based Authentication Rights function.
The Rights Function form component is installed during the connector unpacking procedure.
- Click Add.
- If Watson Explorer Engine is configured under a virtual directory different from the default ("vivisimo"), then edit the Claim Lookup Service URL by copying the default value proposed under the input text box and modifying the URL as is appropriate.
Add the values configured in the SharePoint for SPTrustedIdentityTokenIssuer
in the Trusted Issuer Name Mappings setting. If you are only using ADFS, then the only
entry should be similar to: https://adfs-host-server/adfs/ls|SAML
This value can also be obtained using the following SharePoint PowerShell command: Get-SPTrustedTokenIssuer. The information you are looking for is set to ProviderUri and to DefaultProviderRealm. Be aware that depending of the current SharePoint configuration the above power shell command can return multiple sets of data. Refer to the one that matches your DefaultProviderRealm.
- Modify Claims assigned to Everyone if you want to add more claims everyone should be given at search time.
- Custom Claim Type Encoded Character Mappings are mappings between the URN for a custom claim type (a claim type not immediately recognized by SharePoint) and the character SharePoint uses when building the encoded version of the claim. If needed, add the mappings and use a pipe ("|") to separate the URN from the encoded character.
- Click OK.