Modifying the Windows Registry – Google Search Appliance Enabling Windows Integrated Authentication version 6.8 User Manual


3. In the right pane, select the server that hosts the SAML Bridge, right click, and select Properties.

4. In the Properties dialog box, click the Delegation tab.

5. Select Trust this computer for delegation to specified services only.

6. Select Use any authentication protocol.

7. Click the Add button. The Add Services dialog box appears.

8. Click the Users or Computers button. The Select Users or Computers dialog box appears.

9. Under Enter the object names to select, you must now enter the Service Principal Name (SPN) for
the Kerberized content server to which the host of the SAML Bridge will delegate.

If you are using Network Service to run an HTTP service, enter the name of the content server.

If you are using a domain account to run an HTTP service, enter the name of the domain
account.

If you are using Microsoft Cluster Server to run a CIFS server, enter the Network Name of the
group that contains the file share.

10. Optionally, click Check Names to verify that you entered the name correctly.

11. Click OK. The Add Services dialog box reappears, showing the available services for the object
whose SPN you specified.

12. To select one or more services to which the SAML Bridge will delegate, first identify the service type,
and then select the name in the User or Computer column.

To find the service type:

If the content server is a web server or SharePoint server, the service will be listed in the
Service Type column as HTTP.

If the content server is a file system, the service will be listed in the Service Type column as
CIFS.

To select the name of the services in the User or Computer column:

If users will access the content server by using the NetBIOS name, select that name.

If users will access the content server by using a DNS alias, select the DNS alias.

If the content server is a load balanced web server, select the associated virtual host name.
You’ll also need to select the NetBIOS name of each physical server represented by the virtual
host.

13. Click OK. The Properties dialog now reappears. Under Services to which this account can
present delegated credentials, you can see the list of services that you just specified.

14. Click OK to close the Properties dialog box and then close the Active Directory Users and
Computers snap-in.
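
To confirm the result of steps 3 through 14 from the command line, the following PowerShell check is an added example and is not part of the Google manual. It assumes the ActiveDirectory (RSAT) module is installed; the function name, host name and SPN list are placeholders to replace with your own values.

```powershell
# Added example: audit the delegation settings configured in steps 3-14.
# Requires the ActiveDirectory (RSAT) module and read access to the domain.
Import-Module ActiveDirectory

function Test-BridgeDelegation {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,  # SAML Bridge host
        [Parameter(Mandatory)] [string[]] $ExpectedSpns   # services chosen in step 12
    )
    $props = 'TrustedForDelegation', 'TrustedToAuthForDelegation', 'msDS-AllowedToDelegateTo'
    $c = Get-ADComputer -Identity $ComputerName -Properties $props

    # SPNs to which the host can present delegated credentials (the step 13 list).
    $actual = @($c.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    $findings = @()
    if ($c.TrustedForDelegation) {
        # Set when delegation to any service was chosen instead of step 5's option.
        $findings += 'Unconstrained delegation is enabled; step 5 calls for specified services only.'
    }
    if (-not $c.TrustedToAuthForDelegation) {
        $findings += '"Use any authentication protocol" (step 6) is not set.'
    }
    foreach ($spn in $actual) {
        if ($spn -notin $ExpectedSpns) { $findings += "Unexpected delegation target: $spn" }
    }
    foreach ($spn in $ExpectedSpns) {
        if ($spn -notin $actual) { $findings += "Missing delegation target: $spn" }
    }

    [pscustomobject]@{
        Computer  = $c.Name
        Targets   = $actual
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Placeholder values (assumptions): your SAML Bridge host and content-server SPNs.
$check = @{
    ComputerName = 'SAMLBRIDGE01'
    ExpectedSpns = 'HTTP/intranet.example.com', 'CIFS/fileshare.example.com'
}
Test-BridgeDelegation @check | Format-List
```

Running the check on a schedule and alerting on any "Unexpected delegation target" finding gives early notice if the SAML Bridge host's delegation list is widened after the initial setup.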

Modifying the Windows Registry

This step is required only if the same IIS server is both a SAML Bridge host and a content server.

To avoid problems that occur when the SAML Bridge attempts to access the local web files, you’ll need
to update the Registry by following the instructions in Microsoft KB article 896861 (http://support.microsoft.com/kb/896861/).
