Search and Claims-Based Authentication in SharePoint 2010

In order to enable crawling for web applications configured with claims-based authentication in SharePoint 2010, it is required that Windows Authentication is enabled for at least one Zone. In cases when Forms Based Authentication or a Trusted Identity Provider is configured for the Default Zone, it is a common practice to extend the web application and enable Windows Authentication for the extended zone. Search is then setup to crawl the extended zone url. There’s a couple of issues with crawling a non-default zone though:

  1. Documents in the index are tagged with the extended zone urls so the search results in the Search Center point to that location rather than to the default zone
  2. Contextual search (This Site) doesn’t work as SharePoint appends the default zone url filter to the search query

Those may sound like major obstacles but it turns out there’s a simple solution, although it does require some manual configuration in Central Administration. The following steps apply to both SharePoint 2010 Search and FAST Search Server 2010 for SharePoint.

In Central Admin, navigate to Manage Service Applications -> Search Service Application (FAST Search Connector for FS4SP), then click on Server Name Mappings within the Crawling section.

Now add a new mapping for each non-default zone url being crawled. Enter the extended zone url in the “Address in index” field and the default zone url in the “Address in search results” field.

Once all server name mappings are in place, complete a full content crawl and that’s it! Your search results will show correct urls in the Search Center and contextual search will work properly.