About principal aliasing
Published: May 12, 2010
In a system with multiple content sources, users may have identities in multiple user stores (e.g., a Windows user may also have a Lotus Notes account that has a different ID). To generate the user's security filter for narrowing query results, the FSA worker component must know the user's ID and groups in all stores. FSA uses principal aliasing to map users and groups from one user store to their equivalents in another user store.
Principal aliasing uses an XML file to map each specific security ID to its equivalent security ID in another store. Use the New-FASTSearchSecurityXMLAliaser cmdlet to create XML alias mappings.
When using FAST Search Center to perform queries, credentials will usually be authenticated by SharePoint Server 2010 claims based authentication. You must set up a claims security user store and make it the default user store. Typically, the default store is named win. By using this configuration, users may query on content sources crawled using the FAST Search connector. They will be unable to query documents crawled using the FAST Search Lotus Notes connector, because the document ACL from a Lotus Notes database will not match a claims domain ID.