Google Search Appliance Authentication/Authorization for Enterprise SPI Guide User Manual



In return, the search appliance expects to receive one or more SAML Response elements inside a SOAP
envelope from the Policy Decision Point. The PDP should return one Response element for each
AuthzDecisionQuery element that the search appliance sent in its request. The order of the responses
within the SOAP envelope does not matter, but the ID attribute of each AuthzDecisionQuery must be
preserved in the corresponding Response element so that every decision can be matched to the query it
answers. The following is an example of a possible response from the Policy Decision Point:

HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: nnn

<?xml version="1.0" ?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

<soapenv:Body>

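<samlp:Response ID="ew2o7aqtn6ycjwzr5ibh9uef8xl4smpd"
                IssueInstant="2010-07-16T02:05:08Z" Version="2.0"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <!-- One Response per AuthzDecisionQuery in the request. The query's ID is
       carried over here so the appliance can pair this decision with the
       query it answers (response order inside the envelope is not used). -->
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="ak1qc9vzni72exb4hyw8ugtof6jd3mr5"
                  IssueInstant="2010-07-16T02:05:08Z" Version="2.0">
    <saml:Issuer>myauthn</saml:Issuer>
    <saml:Subject>
      <saml:NameID>user1</saml:NameID>
    </saml:Subject>
    <!-- Decision and Resource are single atomic values: each stays entirely
         inside its own quotes on one line. The stray quote before Decision and
         the line breaks inside the values in the printed listing are layout
         artifacts, not part of the message. -->
    <saml:AuthzDecisionStatement Decision="Permit"
                                 Resource="http://content2.yourdomain.com/doc.html">
      <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">GET</saml:Action>
    </saml:AuthzDecisionStatement>
  </saml:Assertion>
</samlp:Response>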
<samlp:Response ID="jli3u2o8cqhsa9nmz4vtxl6rkg7dejpw"

IssueInstant="2010-07-16T02:05:08Z" Version="2.0"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:Status>

<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>

</samlp:Status>
<saml:Assertion ID="zh4x26snw9qzjcpuoy35f1tl7dhgmeak"

IssueInstant="2010-07-16T02:05:08Z" Version="2.0">
<saml:Issuer>

myauthn

</saml:Issuer>
<saml:Subject>

<saml:NameID>

user1

</saml:NameID>

</saml:Subject>
<saml:AuthzDecisionStatement Decision="

Deny"

Resource="

http://site.yourdomain.com/secure2.html">

<saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:ghpp">
