Performing a Test Search, Troubleshooting SAML Bridge for Authentication, You Are Prompted When Testing Impersonation – Google Search Appliance Enabling Windows Integrated Authentication version 7.2 User Manual

Google Search Appliance: Enabling Windows Integrated Authentication

For information on how to enable SSL for SAML Bridge, refer to the Microsoft IIS documentation.

Performing a Test Search

Perform a search of secure content. You should not be prompted to log in. You can now proceed to
configure policy ACLs or a connector for authorization.

Troubleshooting SAML Bridge for Authentication

This section contains some troubleshooting tips that apply to authentication. Some general tips for
narrowing your problem are:

If one account can’t be impersonated, try a different account.

If one URL doesn’t work, try another.

If one content server can’t be authorized, set up a simple web server and use it as the content
server.

Set the log level in the SAML Bridge web.config file to ‘debug’, and then view the ac.log file for log
messages.

Monitor these additional files: the web server log, the Windows audit events in the event viewer,
and the results produced by Kerberos tracing tools.

You Are Prompted When Testing Impersonation

Problem

When you test impersonation (see “Verifying the SAML Bridge Configuration”) by accessing one of the
following URLs, you are prompted to enter your username and password when you should not be
prompted:

http://your_saml_bridge_host:port/saml-bridge/Post.aspx (POST Binding)

or

http://your_saml_bridge_host:port/saml-bridge/Login.aspx (Artifact Binding)

Resolution

If you enter credentials and are granted access, the cause of this problem can be one of the following:

Security for the .aspx file might be configured incorrectly.

Your Internet Explorer browser is using enhanced security settings, and the SAML Bridge host is not
recognized as an Intranet site.

If you enter credentials but are not granted access, the Kerberos configuration may be incorrect and
might have duplicate SPNs configured. Contact Microsoft Support.
