We have a SP 2013 search system where it searches a different sharepoint farm. Before with NTLM, we were able to get those results.  After implementing single sign on with Ping Federate, we are unable to get search results from that other system. We suspected at first that we needed the group memberships to be added to the claims, which we tried. But still nothing. Does anyone know what claims would be needed in this scenario? We currently get primarysid, upn, windowsaccountname, and now Groups.

• Edited by Scott Hutter Thursday, February 19, 2015 2:42 AM

Hi Scott,

You may check if "Windows authentication" has enabled for your web application for this issue, here are some useful posts about this topic, you can take a look.

"If you are using claims-based authentication, make sure that Windows authentication is enabled on any Web applications to be crawled."

http://sharepoint.stackexchange.com/questions/59635/crawler-authentication-in-sharepoint-2013-for-sts-based-external-website

https://technet.microsoft.com/en-us/library/jj219577.aspx?f=255&MSPPError=-2147217396#PlanCrawlerAuth

http://blogs.technet.com/b/saantil/archive/2013/06/03/sharepoint-2013-in-claims-authentication-through-pingfederate-6-6-crawl-issue.aspx

For a better assistance for PingFederate product, you may want to post on the web site below,

https://ping.force.com/Support/PingIdentityAnswersHome

http://sharepoint.stackexchange.com/questions/53680/windows-authentication-and-trusted-identity-provider-user-mapping-to-a-single

Thanks,
Daniel Yang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.