Sample url, Sample url redirect to login form, Redirect url – Google Search Appliance Managing Search for Controlled-Access Content User Manual
Page 69
Google Search Appliance: Managing Search for Controlled-Access Content
69
Sample URL
A sample URL is any page that should not be displayed unless the user who requests the content is
logged in and authorized to view it. A sample URL enables the search appliance to detect if a user is
logged in, and, if so, avoid the authentication page.
An example of a sample URL is http://it.abcreports.com/status.html. To detect if a user is logged
in, the search appliance sends an HTTP GET message to the sample URL.
If a user is logged in, the sample URL’s content server, it.abcreports.com, returns a 200 response to
the search appliance. The 200 response indicates that the request has succeeded. If the user is not
logged in, the content server returns a redirect response to the search appliance (see “Sample URL
Redirect to Login Form” on page 69).
Google recommends that you provide a sample URL whenever possible because it enables a quick and
efficient authentication check.
To specify a sample URL, enter it in the Sample URL box on the Serving > Universal Login Auth
Mechanisms > Cookie page.
Sample URL Redirect to Login Form
If sample URL (see “Sample URL” on page 69) authentication fails, the content server can return a
redirect response to the search appliance. The redirect response leads the search appliance to a single
sign-on (SSO) system login form.
For example, the sample URL, http://it.abcreports.com/status.html, can redirect the search
appliance to an SSO login form at http://abcreports.com/login/login.html. The search appliance
can automatically log in to the form by using credentials of the credential group associated with the
forms authentication mechanism.
However, for automatic login to occur, the login form must not contain any JavaScript that is critical to
its submission. Otherwise, the search appliance cannot automatically log in to it.
To enable the sample URL to send a redirect response that leads to a login form, check When sample
URL fails, expect the sample page to redirect to a form, and log in to that form on the Serving >
Universal Login Auth Mechanisms > Cookie page.
Redirect URL
You, as a search appliance administrator, can specify a redirect URL for the search appliance to use
instead of the one supplied by the sample URL. In this case, the search appliance is redirected to URL
that you specify, which can authenticate the user.
For example, suppose you specify http://insideabcreports.com/login/login.html as the redirect
URL. When authentication at the sample URL fails, the search appliance redirects the user to the SSO
login form at http://insideabcreports.com/login/login.html, where it can automatically log in.
If you supply a redirect URL, the authentication mechanism changes significantly. In non-redirect mode,
the search appliance transfers a username / password from the Universal Login Form to a login form
found when attempting to retrieve the sample URL. With a redirect URL, the search appliance will
automatically redirect to that URL. The service at that URL can then authenticate the user in whatever
way it wishes. Upon completion of that authentication, the service at the redirect URL should grant a
cookie to the user which provides access to secure content (and to the sample URL, if provided), and
redirect the user back to the search appliance.