3. The Ultimate Vision of Enterprise Search!
One Search Box | Blended Search Results | Common Ranking | One Index
Image courtesy of https://en.wikipedia.org/wiki/Portal:Middle-earth/Selected_picture/4
Search in Everything
4. Scenario 1: Search across multiple domains on-prem
• Multiple Auth Providers
• Custom Claims Provider
• Custom Security Trimming
Scenario 2: Search across on-prem and Office 365
• Getting Started
• Cloud scenarios
• On-prem scenarios
• Extras
6. Intranet
• SharePoint 2013 farm in the corporate domain / internal network
• Windows authentication only
• Only internal users in Active Directory
Scenario 1
[Diagram: CONTOSO Active Directory, Windows Authentication, https://intranet.contoso.com, internal users]
7. Extranet
• SharePoint 2013 farm in an external domain / external network
• ADFS/SAML authentication
• Internal and external users in MS SQL Server
• Custom claims provider
[Diagram: EXTERNAL domain, SQL Server, ADFS, SAML Authentication, Custom Claims Provider, https://extranet.contoso.com, external users]
11. ADFS Configuration and External User DB
• PPID as Identity Claim
• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
• Groups SID (Internal users)
• http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
Id | Sid | Domain
12345 | S-1-5-21-606747145-796845957-725345543-571903 | CONTOSO
23456 | S-1-5-21-606747145-796845957-725345543-540805 | FABRICAM
34567 | S-1-5-21-606747145-796845957-725345543-1734 | -
[Diagram: CONTOSO, FABRICAM, EXTERNAL USERS; ADFS endpoints https://fsext.contoso.com/adfs/ls/, https://fs.fabricam.com/adfs/ls/, https://fsint.contoso.com/adfs/ls/]
Configure SAML-based claims authentication with AD FS in SharePoint 2013
https://technet.microsoft.com/en-us/library/hh305235.aspx
12. Custom Claims Provider / People Picker
• Search and name resolution
• Internal and external users from Users table in SQL Server
• Internal groups from Active Directory (CONTOSO)
• ACLs matching ADFS claims
Plan for custom claims providers for People Picker in SharePoint 2013
https://technet.microsoft.com/en-us/library/gg602072.aspx
Claims-based identity in SharePoint 2013
https://msdn.microsoft.com/en-us/library/office/ee535242.aspx
13. Crawling external content from internal farm
• Set up Windows authentication in external web application
• Why not multiple zones?
• Same URLs for internal and external users ease collaboration
• Internal users manage permissions for external users
• Crawl default zone or else…
• Outlook uses the default zone for calendar integration…
• Alerts and emails…
17. Internal Windows Claims
Claim Type | Claim Value | Issuer | Original Issuer
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid | S-1-5-21-606747145-796845957-725345543-571903 | SharePoint | Windows
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid | S-1-5-21-606747145-796845957-725345543-1734 | SharePoint | Windows
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn | petter.skodvin-hvammen@contoso.com | SharePoint | Windows
http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname | CONTOSO\petter | SharePoint | Windows
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid | S-1-5-21-606747145-796845957-725345543-1734 | SharePoint | Windows
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid | S-1-5-21-606747145-796845957-725345543-540805 | SharePoint | Windows
19. Custom Security Trimmer
• Runs as search service account
• Loaded by Query Component
• Requires a local cache for performance / latency
• Beware of not being able to RunWithElevatedPrivileges
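The local cache this slide calls for, as an added example (not code from the deck or from the sp2013-securitytrimmer repository). It assumes the trimmer resolves an internal user's primary SID to the PPID identity claim through the slide-11 Users table; `PpidResolver`, `StoreUnavailable` and `table_lookup` are hypothetical names, and Python is used so the logic runs stand-alone.

```python
import time

PPID_CLAIM = ("http://schemas.xmlsoap.org/ws/2005/05/"
              "identity/claims/privatepersonalidentifier")

# Constructed copy of the slide-11 Users table, keyed Sid -> Id.
# Assumption: a real trimmer would query SQL Server as the search service account.
USERS = {
    "S-1-5-21-606747145-796845957-725345543-571903": "12345",
    "S-1-5-21-606747145-796845957-725345543-540805": "23456",
}


class StoreUnavailable(Exception):
    """Raised by a lookup function when the user store cannot be reached."""


def table_lookup(sid):
    """Hypothetical stand-in for the SQL query: returns the Id or None."""
    return USERS.get(sid)


class PpidResolver:
    """Caches SID -> PPID lookups so each query does not hit the user store."""

    def __init__(self, lookup, ttl=300.0, clock=time.monotonic):
        self._lookup, self._ttl, self._clock = lookup, ttl, clock
        self._cache = {}  # sid -> (expires_at, ppid or None)

    def claims_for(self, sid):
        """Return the extra (claim_type, value) pairs to add to the query."""
        now = self._clock()
        hit = self._cache.get(sid)
        if hit and hit[0] > now:
            ppid = hit[1]
        else:
            try:
                ppid = self._lookup(sid)
            except StoreUnavailable:
                # Fail closed: an expired entry is never reused, so a revoked
                # mapping cannot outlive its TTL; the user only sees less.
                return []
            # Unknown SIDs are cached too, so repeated misses stay cheap.
            self._cache[sid] = (now + self._ttl, ppid)
        return [(PPID_CLAIM, ppid)] if ppid else []
```

The TTL bounds how long a removed user keeps matching ACLs, so it is a revocation-latency setting as much as a performance one.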
20. DEMO
Security Trimmer in Visual Studio
https://github.com/pskodvin/sp2013-securitytrimmer
22. The New Cloud Search Service Application
• SharePoint Server 2016 and 2013 with August 2015 Update
• Documentation and scripts on https://connect.microsoft.com/office
Scenario 2
23. Create a Cloud Search Service Application
• Search Server Name
• Search Service Account
• Search Service Application Name
• Database Server Name
29. SharePoint Online – Search On-Prem Sources
• Document Previews
• On-Prem Office Web Application Server
• Content Source Refiner
• Search configuration available from https://github.com/pskodvin/search-configuration
• Open files from on-prem file shares
• Set up IIS on file server
• Server name mappings
• Endpoint configuration
Internal users:
• Access intranet and extranet using their corporate Windows account
• Search for both internal and external content
External users:
• Access extranet using their registered credentials or their partner Windows account
• Search for external content only
As Ingunn:
SharePoint Content
As Petter:
Rest of the stuff
As Petter:
OneDrive
Expenses http://pettersh-sp2013.cloudapp.net/search/Pages/results.aspx?k=%2A#k=expenses
Timesheet http://pettersh-sp2013.cloudapp.net/search/Pages/results.aspx?k=%2A#k=timesheet
Blog
Zoo http://pettersh-sp2013.cloudapp.net/search/Pages/results.aspx?k=zoo
Video
Beach http://pettersh-sp2013.cloudapp.net/search/Pages/results.aspx?k=zoo#k=beach