Body:
Setup we have:
- We have a web application called [HTTP]://"Authors.com" (Windows Authentication – Default Zone)
- It has been extended to “Internet Zone” with just customSTS as authentication provider which is [https]://brokers.com (this is exposed to public internet)
- The root site collection is anonymous and it has 10 sub sites. Out of which just 3 are inheriting permissions from root site but 7 sub sites are having unique permissions
- We have added “All Users (customSTS)” to all the sub sites to make sure they will be authorized after authentication from customSTS to [https]://brokers.com and its secured sub sites
- While authors are the intranet users with in the domain. They will have full access on all the sub sites and root on [http]://Authors.com
- When it comes to authentication for the brokers to [https]://brokers.com through customSTS we absolutely having no issues to access the anonymous content and also secured content according to the permission level that we applied to the brokers (custom contribute)
- Attaching the screen grab of the permission level custom contribute to let you know the broker permissions on the secured sub sites
- In the search service application, content source we have given [http]://Authors.com
- Added “All Users (customSTS)” to web applications user policy for internet zone with full read only access
Issue we have:
- All the authors are able to search for the content successfully including secure files from secured sub sites (Authors have full control permissions)
- But when it comes to the brokers they are able to search for only anonymous content, though they are able to access the files and download it with the current setup
- When we added a single broker user to web application’s user policy with full control permissions just for testing and a full crawl. He can search the secured content as well successfully
- But that is not we wanted. Please let me know where I am missing
