We have a SharePoint 2013 web application configured to use Windows/NTLM authentication and a Trusted Identity Provider (ADFS) on the same default zone. If I perform a search as a Windows user, I see results. If I perform a search when logged in as an ADFS user, I see no results.
I've tried full crawls, and even reset the index and recrawled. I turned logging up to verbose and ran a few queries. I couldn't find anything relevant in the logs, especially about permissions or access. The crawl logs look good too, and obviously things are getting crawled because the Windows user gets lots of results.
Someone suggested I extend my web app into two zones, the default zone for Windows auth and another zone for ADFS auth. I did try this but still get no search results when logged in via ADFS.
I have noticed one message in ULS but I'm not sure if it is relevant: "IdentityClaim from STS differs from known type". The claim that ADFS gives SharePoint is windowsaccountname (samAccountName in AD).
The windowsaccountname claim comes in the form of an id number, e.g. 123456, and also prefixed with the domain, e.g. domain\123456. The userid claim is in the form 0.t|adfs|123456.
Does anyone have any suggestions on how to further troubleshoot this?
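One inspection step worth doing before digging further into crawl logs is to compare what the farm thinks the trusted issuer's identity claim is with the claim type actually stored on the federated user's login name, since that is what the "IdentityClaim from STS differs from known type" message is about. The snippet below is an added example for the SharePoint 2013 Management Shell, not code from the original post; the web application URL and the issuer name are placeholders you replace with your own, and it only reads configuration, changing nothing.

```powershell
# Added troubleshooting snippet (not from the original post). Run in the SharePoint 2013 Management Shell
# as a farm administrator. Placeholders: $webAppUrl and $issuerName must be replaced with your own values.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl  = "http://sharepoint.example.local"   # placeholder: your web application URL
$issuerName = "ADFS"                               # placeholder: name used with New-SPTrustedIdentityTokenIssuer

# 1. Which authentication providers are enabled on each zone of the web application?
#    Confirms whether Windows and the trusted provider really share the default zone,
#    or whether the extended zone carries the trusted provider only.
$wa = Get-SPWebApplication $webAppUrl
foreach ($zone in $wa.IisSettings.Keys) {
    $providers = Get-SPAuthenticationProvider -WebApplication $wa -Zone $zone
    foreach ($p in $providers) { "{0,-10} {1}" -f $zone, $p.DisplayName }
}

# 2. Which claim does SharePoint treat as the identity claim for the trusted issuer,
#    and which claim types are mapped at all? The incoming type is what ADFS must send;
#    the mapped type is what ends up in the user's encoded login name.
$sts = Get-SPTrustedIdentityTokenIssuer $issuerName
"Identity claim (incoming): " + $sts.IdentityClaimTypeInformation.InputClaimType
"Identity claim (mapped):   " + $sts.IdentityClaimTypeInformation.MappedClaimType
"Mapped claim types:"
$sts.ClaimTypeInformation | ForEach-Object { "  {0} -> {1}" -f $_.InputClaimType, $_.MappedClaimType }

# 3. Decode the encoded login names SharePoint has stored for users of this issuer and
#    compare each claim type with the issuer's identity claim type. A row with
#    MatchesSTS = False is the condition the ULS message describes.
$mgr = [Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager]::Local
$expected = $sts.IdentityClaimTypeInformation.MappedClaimType
Get-SPUser -Web $webAppUrl -Limit All |
    Where-Object { $_.UserLogin -like "i:*|$issuerName|*" } |
    ForEach-Object {
        $claim = $mgr.DecodeClaim($_.UserLogin)
        New-Object PSObject -Property @{
            Login      = $_.UserLogin
            ClaimType  = $claim.ClaimType
            Issuer     = $claim.OriginalIssuer
            MatchesSTS = ($claim.ClaimType -eq $expected)
        }
    } | Format-Table Login, ClaimType, Issuer, MatchesSTS -AutoSize
```

Step 3 filters on the issuer name because the middle segment of a trusted-provider login (the `adfs` in `...|adfs|123456`) is the issuer's registered name; if your issuer was registered under a different name, adjust `$issuerName` so the filter matches. The same decoded claim type and value are what the search ACLs must agree with, so keeping a copy of this output is useful when comparing against what the crawl recorded.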