Google Search Appliance: Enabling Windows Integrated Authentication, version 6.8 (user manual): For More Information, Overview, Silently Authenticate Users with the SAML Bridge


Google Search Appliance: Enabling Windows Integrated Authentication


For More Information

For background information on the technology described in this document, refer to these sources:

The topic "The SAML Authentication Service Provider Interface (SPI)" in the document Managing Search for Controlled-Access Content, and the online help topics on the pages cited in that topic.

The Authentication/Authorization for Enterprise SPI Guide. The SAML Bridge is an application of the
Google Search Appliance Authentication/Authorization SPI, for which it has the roles of Identity
Provider and Policy Decision Point. These terms are explained in the SPI Guide.

A Google search on SAML (http://www.google.com/search?q=saml) can provide background information on the SAML protocol.

Overview

Google SAML Bridge for Enterprise facilitates authentication and authorization for search results,
mediating between your users and your Windows domain. The SAML Bridge is implemented as an
ASP.NET website that resides in IIS. It enables users to gain seamless access to content that resides on
file systems, web servers, or Microsoft Office SharePoint servers.

The SAML Bridge can be used for the following use cases:

Silently Authenticate Users with the SAML Bridge

Authorize Content with the SAML Bridge

The following sections describe the differences between these use cases.

Silently Authenticate Users with the SAML Bridge

There are two possible use cases when the SAML Bridge is used for silent authentication:

NTLM silent authentication using the search appliance: Only NTLM can be used for authentication; Kerberos cannot be used directly with the search appliance in this case. Policy ACLs and/or Per-URL ACLs can be used for authorization.

NTLM/Kerberos silent authentication using Google Search Box: Google Search Box for
SharePoint is embedded in an NTLM-enabled SharePoint portal, and the SharePoint connector
performs authorization. This use case is available only when SharePoint is the content repository
and the SharePoint connector is used.

The following process describes the role of the SAML Bridge in the lifecycle of a search query when the
SAML bridge is used for authentication only:

1. A user performs a secure search.

2. The search appliance redirects the user to the SAML Bridge.

3. The SAML Bridge authenticates the user.

4. The search appliance gets the user name (and domain, if configured) from the SAML Bridge. This is the verified identity.

5. The search appliance then passes the verified identity of the search user to the authorization phase.
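Step 4 is where the relying party turns a SAML response into a verified identity, and it is only "verified" if the response passes the relying party's checks. The following Python is an added illustration of those checks on the service-provider side, not code from the SAML Bridge or the search appliance: the sample response, the issuer and audience URLs and the DOMAIN\user NameID form are all constructed for the example, and XML signature verification, which a real deployment must perform before trusting anything in the document, is left out to keep the example short.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample: a minimal SAML 2.0 Response of the kind an identity provider such
# as the SAML Bridge returns. Hand-written for this example and deliberately unsigned.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://samlbridge.example.test/</saml:Issuer>
    <saml:Subject><saml:NameID>EXAMPLE\\jdoe</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://gsa.example.test/</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _utc(ts):
    """Parse a SAML UTC timestamp such as 2024-01-01T00:05:00Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)

def verified_identity(xml_text, expected_issuer, expected_audience, now_iso):
    """Return (user, domain) from the assertion's NameID, or None if any check fails.
    Status, issuer, audience and validity window are checked; the XML Signature over the
    assertion is assumed to have been verified already (omitted in this example)."""
    root = ET.fromstring(xml_text)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return None
    a = root.find("saml:Assertion", NS)
    if a is None or a.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return None  # assertion missing or issued by an IdP we do not trust
    cond = a.find("saml:Conditions", NS)
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if cond is None or not name_id:
        return None
    now = _utc(now_iso)
    if not (_utc(cond.get("NotBefore")) <= now < _utc(cond.get("NotOnOrAfter"))):
        return None  # outside the validity window: expired or replayed assertion
    audiences = [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return None  # assertion was meant for a different service provider
    domain, _, user = name_id.rpartition("\\")  # DOMAIN\user form; domain may be absent
    return user, domain or None
```

The returned (user, domain) pair is what step 5 hands to the authorization phase; any None result should be treated as an authentication failure, not as an anonymous user.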
