Specify form credentials popup window gives 403 error upon completion

We have a non-SharePoint content source that uses a single sign-on form located on a different URL for secure content.

Here is an example: The main site is www.mydomain.com. While clicking around you come to a secure page at www.mydomain.com/secure.aspx. You are automatically sent to the SSO (single sign-on) page at http://sso.mydomain.com/login.aspx?a=somequerystring. After entering your credentials, you are sent back to www.mydomain.com/secure.aspx and can see the content.

Now for the problem we are facing: We need to be able to crawl www.mydomain.com/secure.aspx. We are currently trying to create a crawl rule where we specify form credentials. We are supplying the SSO form URL http://sso.mydomain.com/login.aspx?a=somequerystring, and the form shows up just like it should in the popup window. We then enter the credentials and hit the submit button. The popup window then gives us a 403 error. On a side note: we do have the entire SSL certificate chain for the SSO in "CA > Security > Manage Trust"

When performing a fiddler trace, we can see that the 403 error is happening on our central admin site when it tries to go to /_admin/search/ after authentication on the SSO form. I get a 403 error if I try to go to this location directly in a browser as well (https://myCAServer/_admin/search/) because there is no default page there. I have tried this on three different farms and using multiple accounts. Does anyone have any ideas what could be going on?


April 27th, 2015 6:53pm

Hi,

What's the mechanism of your SSO for the external web site? When you specify form credentials in a crawl rule, the URL should not be the SSO login page, because after authentication, your SSO would not know where to redirect the request.

Basically SSO in browser based application relays on URL redirection to work, but the crawler in SharePoint may not support URL redirection.

My suggestion is to prepare a non-SSO authentication in the external content sources, and windows authentication would be better.

Thanks,
Reken Liu

Free Windows Admin Tool Kit Click here and download it now
April 29th, 2015 12:38am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics