Locate the certificate to use – Google Search Appliance Enabling Windows Integrated Authentication version 7.2 User Manual


Google Search Appliance: Enabling Windows Integrated Authentication

5. Click OK.

6. In the Permissions for Everyone list, check the box in the Full Control row and the Allow column.

7. Click OK.

Additional Steps to Configure SAML Bridge for POST Binding

POST Binding requires a public key and private key pair that are used to encrypt and decrypt the
response message from the SAML IdP. The SAML IdP uses the private key to encrypt the message, and
the search appliance uses the public key to decrypt it.

SAML Bridge looks for the certificate located in the server key store. You can follow the standard process
of enabling HTTPS for the IIS web site to create a key request, generate a certificate from your certificate
authority (CA), and upload it to the IIS server where SAML Bridge is installed. Although the certificate is
available for HTTPS serving, SAML Bridge can still use HTTP to serve.

To configure SAML Bridge for POST Binding, you must:

“Locate the Certificate to Use”

“Grant SAML Bridge Access to the Certificate”

“Obtain the Public Key”

Locate the Certificate to Use

If there is a certificate on the server where SAML Bridge is installed, locate the certificate name in the
server key store. You must copy the certificate name to the web.config file.

If there is not a ready-to-use certificate, you must create one. The certificate for SAML POST Binding can
be generated the same way it is for HTTPS serving in IIS. See
http://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx
for details on generating a certificate in Windows.

To locate the name of the certificate on the server and copy the certificate name to the web.config file:

1. Select Run in the Start menu, and type mmc to display the management console.

2. Choose File > Add/Remove Snap-in, and click Add to select a certificate to add. A wizard displays,
which lets you choose the account to manage certificates.

3. Choose Computer Account, and click Next.

4. Select Local Computer, and click Finish.

5. In the previous dialog box, click Close, and then click OK to return to the main window.

6. In the certificates tree, navigate to and expand the node named Personal. This is where certificates
are stored in IIS.

7. Double-click the certificate to display its properties.

8. In the Details tab, locate the Friendly Name attribute, and copy it as the value for the
certificate_friendly_name attribute in the SAML Bridge web.config file.
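
The same lookup can be done from PowerShell on the server where SAML Bridge is installed. The script below is an added example, not part of the Google manual: it lists the Local Computer Personal store and checks that a chosen Friendly Name matches exactly one certificate that has a private key and is within its validity period. The function names and the friendly-name value are hypothetical, and treating a duplicated name as a problem is an assumption.

```powershell
# Added example; function names and the friendly-name value are hypothetical.
# Reads Cert:\LocalMachine\My, the Local Computer "Personal" store from the MMC steps.
function Get-SamlBridgeCertCandidate {
    $now = Get-Date
    Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
        [pscustomobject]@{
            FriendlyName  = $_.FriendlyName
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
            InValidity    = ($_.NotBefore -le $now -and $_.NotAfter -ge $now)
        }
    }
}

function Test-SamlBridgeFriendlyName {
    param([Parameter(Mandatory = $true)][string]$FriendlyName)

    $problems = @()
    # -eq on strings is case-insensitive in PowerShell; copy the value exactly anyway.
    $found = @(Get-SamlBridgeCertCandidate | Where-Object { $_.FriendlyName -eq $FriendlyName })

    if ($found.Count -eq 0) {
        $problems += "No certificate in LocalMachine\My has Friendly Name '$FriendlyName'."
    }
    elseif ($found.Count -gt 1) {
        # Assumption: an ambiguous name is treated as a problem here.
        $problems += "$($found.Count) certificates share Friendly Name '$FriendlyName'."
    }
    foreach ($cert in $found) {
        if (-not $cert.HasPrivateKey) {
            $problems += "$($cert.Thumbprint): no private key in the store."
        }
        if (-not $cert.InValidity) {
            $problems += "$($cert.Thumbprint): outside validity period (NotAfter $($cert.NotAfter))."
        }
    }
    $problems   # empty output means the name passed these checks
}

# Certificates with an empty Friendly Name cannot be referenced by name.
Get-SamlBridgeCertCandidate | Sort-Object FriendlyName | Format-Table -AutoSize

# Placeholder value; substitute the Friendly Name shown in the table above.
Test-SamlBridgeFriendlyName -FriendlyName 'REPLACE-WITH-FRIENDLY-NAME'
```

Run it from an elevated PowerShell session so the Local Computer store is readable.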
