For a combined Lync & SharePoint event we recently implemented People Search and Skill Search from the Lync client.
This is relatively easily internally – the excellent blog post by Tim Harrington is all you need to know; no need to repeat the steps here.
However, getting this to work externally via Threat Management Gateway required some additional configuration:
- The Skill Search URL http://<server>/_vti_bin/search.asmx should NOT use TMG for authentication
- The People Search URL http://<server>/SearchCenter/Pages/PeopleResults.aspx SHOULD use TMG for authentication
This does not mean that the Skill Search web service is exposed, merely that authentication is handled by SharePoint.
See my previous post for details about reverse proxy setup and Alternate Access Mappings; in summary:
- http://sharepoint internal URL
- https://domain.com/ external URL setup as default public URL in SharePoint; nearly all traffic uses TMG for authentication; Internet zone in Alternate Access Mappings
- https://domain.local/ internal URL which TMG translates links to; same Internet zone in the Alternate Access Mappings
If it was for a production site it could have been worthwhile implementing Kerberos constrained delegation but I’ll leave that minefield for another day.