I am currently in the process of configuring a SharePoint 2013 on premise farm utilising ADFS, claims and office web apps.

The current configuration seems to be working properly, so far.

Users can log on to site collections located on various web applications in the farm using a claims identity and view and edit office documents using office web apps.

However, when a user attempts to use Search Centre to locate a particular office document. Results are returned but the hover preview pane insists that the user logs on to the site collection where the document is located (only if they haven't already) to view the document with the error: 

To start seeing previews, please log on by opening the document.

If the user has already logged on to the site collection they are presented with the preview result as expected.

Ideally we would like the user's identity from Search centre to be authenticated on the target site collection if they haven't been authenticated already so the preview can be viewed.

As we currently have 3 different content Web Applications, it is not simply a case of dropping Search Centre on the same web app as where the content is located to get around this.

I am hoping it is a simple misconfiguration issue when the environment was being setup.

Perhaps someone can point me in the right direction.

Hi

Can you tell me any more about how you got the Preview Pane to work?

I have a pending MS Paid Support Incident, because I cannot get it to work at all based on the documentation that is available in the Public domain

There must be some documentation or extra information that is generally available, that would help me, but I just don't know where to find it.

If you have any additional information I would love to know, that would be great

Thanks

Robert

Hi. We have the same scenario. I have a question for you. Do you have both Claims and NTLM enabled on the same Web App on the same port so you can crawl using the same URL/port as your Claims Based app  or did you extend your Web App to use NTLM on another port so that the crawl would work?

The reason I ask is that we are using ADFS based claims and have a custom login page. In testing we saw some instance where users weren't prompted with the custom login screen and were simply refused access, we think because their Windows Credentials were being passed as NTLM was enabled. 

Therefore, we have extended our app to use NTLM so we can crawl on a different port (444), and then used Server Name Mappings to map the search results with the port number back to the main Claims Based URL.

This works, however, in the search results, for any documents, the URL that is being used to present the preview via Office Web Apps via the WopiFrame.aspx is still the NTLM extension with port number, e.g. http://server.domain.com:444/projects/_layouts/15/WopiFrame.aspx?sourcedoc=/projects/Shared%20Documents/Test%20doc.docx&action=default&DefaultItemOpen=1

Why on earth was my post marked as the Answer?

This should be unmarked.

Hi,

I think this is by design and is similar to the issue of profile images not loading when they are hosted on a different web application, as outlined here http://support.microsoft.com/kb/2532395/en-gb

We are using ADFS claims web applications and I was having the problem of the search result URL linking to the NTFS web application. However, I think I've solved this now. I had to delete the web application and recreate it, with the NTLM verison of the web application as the default web application - this is what the search crawler will index, and then extended that web application to use the ADFS trusted provider into the intranet zone - that is what the users will use. First time around when it was not working I had done the reverse with the NTLM version not the default zone. This seems to be working now, I haven't fully tested it but thought I'd share with you guys if its helpful. It still doesn't load the office web preview if the search result is hosted on a different web application, but if the user has already authenticated using claims on the other web application then it works fine.

Hope that helps,
Andrew