Hi
I have a Claims Based Web Application configured with 'Ping Identity' (SAML token provider) as the trusted Identity provider. I extended the web application and created a new IIS Site with Windows NTLM Claims authentication.
Here are my alternate access mappings.
Internal URL | Zone | Public URL for Zone |
---|---|---|
https://projects.company.com | Default | https://projects.company.com |
http://projects.company.com | Default | https://projects.company.com |
http://projectsntlm.company.com | Custom | http://testprojectsntlm.company.com |
I configured the Object Cache Super User and Super Reader accounts with the SAML claims username format using PowerShell, and then added these accounts to the User Policy of the web application only in the Default Zone.
User Policy
Default sp10_sreader i:07.t|ping|sp10_sreader Full Read
Default sp10_suser i:07.t|ping|sp10_suser Full Control
(All zones) Search Crawling Account i:0#.w|company\_sys_pcptsrch Full Read
The Default Zone URL works fine.
But the Custom Zone URL is giving access denied for everyone, including the Primary and Secondary SCAs.
SiteCollection URL: https://projects.company.com
Primary SiteCollection Admin: i:0#.w|company\User1
Primary SiteCollection Admin: i:0#.w|company\User2
However Search, which is using the CustomZone URL as the content source, is successfully crawling all the content. FYI, I also tried adding Windows Claims IDs of User1 and User2 to WebApp User Policy and granted them full control.
With SAML token authentication, users are not able to edit their SSRS Reports in Report Builder. It is not supported. Hence, we want to give the Custom Zone URL to them so they can use it when they need to edit SSRS reports.
Does anyone know how to fix this?
Krishna