Completing the configuration process – Google Search Appliance Enabling Windows Integrated Authentication version 6.8 User Manual

Page 21

Advertising
background image

Google Search Appliance: Enabling Windows Integrated Authentication

21

5.

Enter a URL into the field. Specify one of the URL or file resources that you picked earlier, either one
that you do have access to or one that you don’t have access to. Note that this page requires that if
you want to test a file on a file share, you must specify the URL by including the SMB protocol name,
using the following format:

SMB://rest-of-url

6.

Click Submit. The page returns an authorization response XML file. In the file, locate the Decision
code. You’ll see a “permit” code for content to which you have access and a “deny” code for content
to which you do not have access.

This is an example of a permit code:

<saml:AuthzDecisionStatement Resource="http://contentvm10/test2.html"
Decision="Permit">

This is an example of a deny code:

<saml:AuthzDecisionStatement Resource="http://contentvm10/test2.html"
Decision="Deny">

If the content server is down, or if there are configuration errors, the response contains the
following:

<saml:AuthzDecisionStatement Resource="http://contentvm10/test2.html"
Decision="Indeterminate">

Once you have successfully used the SAML Bridge with the simulator, you can set up communication
between the SAML Bridge and your search appliance.

Configuring the Search Appliance to Use the SAML Bridge
for Authorization

You must now configure the Google Search Appliance so that it uses the SAML Bridge for authorization.

To configure the search appliance to use SAML for Authorization, do the following:

1.

In the search appliance Admin Console, go to Serving > Access Control.

2.

Under Challenge users with HTTP Basic Authentication, select Never

3.

Under Authorization SPI, for Authorization Service URL, enter http(s)://SAML-
Hostname:port/saml-bridge/Authz.aspx

4.

Check Use batched SAML Authz Requests if you wish to send multiple URLs for authorization in a
single AuthZ HTTP request. Leave it unchecked if you do not wish to batch URLs for AuthZ. You
might see improved serve time performance if you enable Batch Authorization depending on how
quickly your content server responds to AuthZ requests from the SAML server.

5.

Click Save Settings.

Continue to the next section, “Completing the Configuration Process” on page 21.

Completing the Configuration Process

Complete the instructions in the following two sections regardless of whether you are using the SAML
Bridge for authentication only or for both authentication and authorization.

Advertising
Popular Brands
Popular manuals