Authorize content with the saml bridge, Prerequisites for all saml bridge installations, Content server prerequisites – Google Search Appliance Enabling Windows Integrated Authentication version 6.8 User Manual


Google Search Appliance: Enabling Windows Integrated Authentication


Authorize Content with the SAML Bridge

The following process describes the role of the SAML Bridge in the lifecycle of a search query when the
SAML Bridge is used for authorization:

1. A user creates a search query that includes secure content.

2. The search appliance authenticates the user and passes the verified identity to the authorization
process.

3. The search appliance determines the search results for the user. If the results include secure
content, the search appliance uses the Authorization SPI to send an authorization request to the
SAML Bridge. The SAML Bridge must then verify the user's permissions to view the results.

4. The SAML Bridge checks the user's access to the search results content by impersonating the user
to the content server.

5. If the SAML Bridge is using NTLM, it sends a HEAD request on the user's behalf to the content server.

6. If the SAML Bridge is using Kerberos, it obtains a Kerberos ticket to use on the user's behalf. This is
possible because the domain server is configured to enable the SAML Bridge to impersonate the
user to the content server.

7. The SAML Bridge tells the GSA which documents the user has access to.

Review “Authentication/Authorization for Enterprise SPI Guide” for more details about communications
between the search appliance and the SAML Bridge host.
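The authorization steps above can be modeled as a per-URL check that fails closed. The following Python sketch is an added example, not code from the SAML Bridge or the search appliance. The function names, the status-to-decision mapping, the sample URLs and the in-memory ACL are assumptions made for illustration; the decision values are the ones SAML 2.0 defines for authorization decisions.

```python
# Added example: models steps 3-7 above. All names here are hypothetical.
from enum import Enum

class Decision(Enum):
    PERMIT = "Permit"
    DENY = "Deny"
    INDETERMINATE = "Indeterminate"

def decide(status):
    """Map the content server's HEAD status to a decision (assumed mapping)."""
    if 200 <= status < 300:
        return Decision.PERMIT
    if status in (401, 403):
        return Decision.DENY
    return Decision.INDETERMINATE  # redirects, 404, 5xx: do not guess

def authorize(user, urls, head_as_user):
    """Bridge side: one HEAD per URL, issued under the user's identity."""
    decisions = {}
    for url in urls:
        try:
            decisions[url] = decide(head_as_user(user, url))
        except OSError:  # timeout, connection refused, DNS failure
            decisions[url] = Decision.INDETERMINATE
    return decisions

def visible_results(decisions):
    """Appliance side in this model: show only explicit Permit results."""
    return [u for u, d in decisions.items() if d is Decision.PERMIT]

# Constructed stand-in for a content server: URL -> users with read access.
ACL = {
    "http://files.example/hr/salaries.xls": {"alice"},
    "http://files.example/eng/design.doc": {"alice", "bob"},
}

def fake_head(user, url):
    """Constructed replacement for the impersonated NTLM/Kerberos request."""
    if url.endswith("/down"):
        raise ConnectionRefusedError("content server unreachable")
    if url not in ACL:
        return 404
    return 200 if user in ACL[url] else 403

if __name__ == "__main__":
    urls = list(ACL) + ["http://files.example/down"]
    for user in ("alice", "bob"):
        print(user, visible_results(authorize(user, urls, fake_head)))
```

Because the check runs under the user's identity at query time, a result is shown only when the content server itself grants access; an unreachable server or an unexpected status hides the result in this model.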

Meeting the Prerequisites for Installing the SAML Bridge

Before installing the SAML Bridge, you’ll need to check software versions and perform some
configuration.

Prerequisites for All SAML Bridge Installations

The following prerequisites apply regardless of whether the SAML Bridge is used for authentication and
authorization or only for authentication:

“Content Server Prerequisites” on page 7

“SAML Bridge Host Prerequisites” on page 8

Content Server Prerequisites

You can use the SAML Bridge with file shares or other content servers. The following content servers
were tested:
