Configuring Search Security Support for Claims-Based Authentication

Search Security Support for CBA crawls on SharePoint 2010 or higher requires that you complete the following high-level steps:

  1. Install the IO SharePoint connector - Installing the IO SharePoint Connector is mandatory before you can crawl a CBA-enabled SharePoint server. If you need help with installing the IO SharePoint connector or with upgrading from the legacy SharePoint connector, refer to the IO SharePoint Connector Users Guide. This guide is available as a PDF document inside the IO SharePoint connector ZIP package located in the /connectors subdirectory of your Watson™ Explorer Engine installation.
  2. Configure your Active Directory Federation Server to establish trust - Configuring the Microsoft Active Directory Federation Service (ADFS) to issue security tokens to Watson Explorer Engine is mandatory before Watson Explorer can interact with CBA. If you are using a Security Token Service (STS) other than ADFS, the steps to configure the STS will be different. A general overview of the ADFS settings specific to enabling CBA are described in Configuring ADFS To Establish Trust.
  3. Configure your Watson Explorer Engine installation to use CBA - Enabling Watson Explorer Engine to work with CBA requires several configuration steps. These steps are covered in Configuring Watson Explorer Engine to use Claims Based Authentication.
  4. Modify your Watson Explorer Engine web site configuration files - Customizing the web.config file used by Watson Explorer Engine requires updating several XML elements in that file, which is located in the top level directory of your Watson Explorer Engine installation. The necessary code snippets, which you can use to update the <system.webServer> XML element in the web.config file, are provided in Modifying the web.config file in Watson Explorer Engine. You can cut and paste these snippets into your web.config file to make the required modifications.
  5. Update the Watson Explorer Engine authentication macro - Using the Watson Explorer Engine administration tool to update the Watson Explorer authentication macro enables you to replace it with the custom authentication-claims-based macros XML function. The steps to do so are covered in Updating The Authentication Macro.
  6. Configure the SharePoint CBA Rights Function - Using the Watson Explorer Engine administration tool to configure the live source for your search collection enables that collection to use the Claims Based Authentication function. The steps to do so are covered in Source and Rights Function Configuration.