Google Search Appliance Enabling Windows Integrated Authentication version 7.2 User Manual


You’ll see a response such as the following, which assumes that your domain is sam1 and your Windows
account is davidd.

Application Pool Identity = NT AUTHORITY\NETWORK SERVICE
Your Windows account = sam1\davidd
Use Login.aspx?subject=user@domain to test impersonation

The NETWORK SERVICE keyword shows that SAML Bridge is properly configured to use Network Service.
If Application Pool Identity is not set to Network Service, follow the steps in “Verifying the
Configuration in IIS 6.0 of the SAML Bridge Application Pool” on page 8 or “Verifying the
Configuration in IIS 7 of the SAML Bridge Application Pool” on page 9, depending on the version of
IIS you use.

In the response, you’ll see your own domain and login information, because you accessed the file. When
the system is in use, the file obtains the domain and login information for each authenticated user.

Configuring the Search Appliance to use SAML Bridge for Authentication

When you configure the search appliance to use SAML Bridge for authentication, you configure it to use
the authentication SPI.

To configure the search appliance, do the following:

1. In the search appliance Admin Console, click Search > Secure Search > Universal Login Auth
   Mechanisms.

2. In the SAML tab, select the credential group from the drop-down list.

3. Type a value in the Mechanism Name field.

   The name you enter will appear as an Authentication ID on the Search > Secure Search > Flexible
   Authorization page. The Mechanism Name enables you to instruct the authorization mechanism
   to use a session identity from a specific credential group or instance of an authentication
   mechanism.

4. Type a value in the IDP Entity ID field.

   The IDP Entity ID uniquely identifies the SAML Bridge installation. To locate this value, navigate to
   the saml-bridge virtual directory and open the web.config file. If this value is blank in the
   web.config file, use the host name for this value.

5. In the Login URL field, type the login URL of SAML Bridge, which is in the format:

   http(s)://saml-hostname:port/saml-bridge/Login.aspx

6. Specify the binding in which the search appliance communicates with the SAML Bridge server:

   If you're using POST Binding, which is recommended, enter the Public Key of IDP. Leave Artifact
   Resolver URL blank. The POST Binding URL is in the format:

   http(s)://saml-hostname:port/saml-bridge/Post.aspx

   If you're using Artifact Binding, enter the Artifact Resolver URL. Do not specify a Public Key of
   IDP. The Artifact Resolver URL is in the format:

   http(s)://saml-hostname:port/saml-bridge/Resolve.aspx

7. Click Save.
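
The following pre-flight check is an added example, not part of the Google manual or of SAML Bridge. It applies the rules from the test response above and from steps 3 through 6 to a set of planned values before they are typed into the Admin Console. The dictionary field names, the sample host bridge.example.com and the reading of "the host name" as the host in the Login URL are assumptions.

```python
# Added example; field names (mechanism_name, login_url, ...) are hypothetical.
from urllib.parse import urlsplit

EXPECTED_POOL = r"NT AUTHORITY\NETWORK SERVICE"

def parse_test_response(text):
    """Parse the 'key = value' lines of the SAML Bridge test response."""
    pairs = (line.partition(" = ") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def _bridge_url_ok(url, page):
    parts = urlsplit(url)
    return (parts.scheme in ("http", "https") and bool(parts.hostname)
            and parts.path == "/saml-bridge/" + page)

def check_settings(s, response_text):
    """Return (problems, IDP Entity ID to enter) for one planned configuration."""
    problems = []
    pool = parse_test_response(response_text).get("Application Pool Identity")
    if pool is None or pool.upper() != EXPECTED_POOL:
        problems.append(f"application pool identity is {pool!r}, not Network Service")
    if not s.get("mechanism_name"):
        problems.append("Mechanism Name is empty")
    if not _bridge_url_ok(s.get("login_url", ""), "Login.aspx"):
        problems.append("Login URL is not .../saml-bridge/Login.aspx")
    # Blank in web.config: use the host name (assumed: the host in the Login URL).
    entity_id = s.get("idp_entity_id") or urlsplit(s.get("login_url", "")).hostname
    key, resolver = s.get("public_key", ""), s.get("artifact_resolver_url", "")
    if s.get("binding") == "post":
        if not key:
            problems.append("POST binding needs the Public Key of IDP")
        if resolver:
            problems.append("POST binding: leave Artifact Resolver URL blank")
    elif s.get("binding") == "artifact":
        if not _bridge_url_ok(resolver, "Resolve.aspx"):
            problems.append("Artifact Resolver URL is not .../saml-bridge/Resolve.aspx")
        if key:
            problems.append("Artifact binding: do not specify a Public Key of IDP")
    else:
        problems.append("binding must be 'post' or 'artifact'")
    return problems, entity_id

# Constructed sample input; the response text reuses the example on this page.
SAMPLE_RESPONSE = ("Application Pool Identity = NT AUTHORITY\\NETWORK SERVICE\n"
                   "Your Windows account = sam1\\davidd\n")
SAMPLE = {"mechanism_name": "wia-bridge", "idp_entity_id": "", "binding": "post",
          "login_url": "https://bridge.example.com:443/saml-bridge/Login.aspx",
          "public_key": "constructed-placeholder-key", "artifact_resolver_url": ""}
```

Calling check_settings(SAMPLE, SAMPLE_RESPONSE) returns an empty problem list together with the entity ID to enter, which here falls back to the host name because the sample's idp_entity_id is blank.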
