Grant saml bridge access to the certificate, Obtain the public key, Verifying the saml bridge configuration – Google Search Appliance Enabling Windows Integrated Authentication version 7.2 User Manual


Google Search Appliance: Enabling Windows Integrated Authentication


Also, note the value of the Subject attribute in the Details tab. You will need it in the next step to grant
SAML Bridge access to the certificate.

Grant SAML Bridge Access to the Certificate

In order for SAML Bridge to load the certificate that contains the private key, the Application Pool
Identity that runs SAML Bridge requires permission to access the certificate. Check permissions using
the WinHttpCertCfg tool, which you might have to download.

To list accounts that have access to this certificate, type:

winhttpcertcfg -l -c LOCAL_MACHINE\My -s any_word_in_the_subject_attribute_of_the_certificate

To grant the Network Service account access to the certificate, type:

winhttpcertcfg -g -c LOCAL_MACHINE\My -s any_word_in_the_subject_attribute_of_the_certificate -a "Network Service"

Obtain the Public Key

You must copy the public key in text format into the SAML configuration in the search appliance Admin
Console: Search > Secure Search > Universal Login Auth Mechanisms > SAML tab (Public Key of IDP
field). If the public key is in PEM format, you can obtain the base64 encoded text from the certificate. If
the certificate is not in PEM format, you must convert it to PEM format.

If the certificate is also used for HTTPS, you can export it with Firefox: open a Firefox browser and go to
the website where the certificate is used for HTTPS.

To convert a certificate to PEM format:

1. Open a Firefox browser, and click the lock icon that appears in the status bar. The Certificate
   Viewer window displays.

2. Click View Certificate.

3. In the Details tab, click Export.

4. Click Save.
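Before pasting the exported text into the Public Key of IDP field, it is worth normalizing it to a clean PEM certificate block and confirming that it is the certificate and not the private key. The following Python script is an added example, not part of the manual; the sample DER bytes and the CRLF-formatted PEM text are constructed stand-ins for a real exported certificate.

```python
import base64
import re

# Matches the certificate block in PEM text (Firefox exports may use CRLF line ends).
_PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _der_total_length(der: bytes) -> int:
    """Return the byte length of the outer ASN.1 SEQUENCE, header included."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate (expected ASN.1 SEQUENCE tag 0x30)")
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long-form length: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def certificate_der(data: bytes) -> bytes:
    """Accept DER bytes or PEM text and return the certificate's DER bytes.
    Refuses input carrying a private key: only the public certificate belongs in
    the Admin Console's Public Key of IDP field."""
    if b"PRIVATE KEY-----" in data:
        raise ValueError("input contains a private key; export only the certificate")
    m = _PEM_CERT.search(data.decode("ascii", errors="ignore"))
    der = base64.b64decode("".join(m.group(1).split()), validate=True) if m else data
    if _der_total_length(der) != len(der):
        raise ValueError("DER length does not match data; certificate is truncated or corrupt")
    return der

def to_pem_certificate(data: bytes) -> str:
    """Return the certificate as canonical PEM (64-character base64 lines, LF endings)."""
    b64 = base64.b64encode(certificate_der(data)).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed stand-in for a DER certificate: a 128-byte SEQUENCE with long-form length.
# A real certificate has the same outer structure but far more content.
SAMPLE_DER = b"\x30\x81\x80" + b"\x05\x00" * 64
# Constructed PEM text as a Windows export might look: CRLF line ends, short lines, trailing blank line.
_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_PEM_CRLF = ("-----BEGIN CERTIFICATE-----\r\n"
                   + "\r\n".join(_B64[i:i + 48] for i in range(0, len(_B64), 48))
                   + "\r\n-----END CERTIFICATE-----\r\n\r\n").encode("ascii")

if __name__ == "__main__":
    print(to_pem_certificate(SAMPLE_PEM_CRLF))
```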

Verifying the SAML Bridge Configuration

This step verifies that the SAML Bridge Application Pool is using Network Service and that SAML Bridge
can obtain a user’s identity.

In the address field of an Internet Explorer browser, enter one of the following depending on the type
of binding you are using:

For POST Binding (recommended): http://your_saml_bridge_host:port/saml-bridge/Post.aspx

For Artifact Binding: http://your_saml_bridge_host:port/saml-bridge/Login.aspx.
