Only some accounts can be impersonated, More troubleshooting steps, Authorize content with saml bridge – Google Search Appliance Enabling Windows Integrated Authentication version 7.2 User Manual


Google Search Appliance: Enabling Windows Integrated Authentication


Only Some Accounts Can Be Impersonated

Problem

When you test impersonation (see “Verifying the SAML Bridge Configuration”), some users can be
impersonated but others cannot.

Suggestion

There are many reasons why user security can be inconsistent. One method to resolve this problem is
as follows:

1. Select a couple of users from the group that can be impersonated and a couple of users from the group that cannot be impersonated.

2. Open the Active Directory Users and Computers console.

3. Click View > Advanced.

4. Select a user account that cannot be impersonated and double-click to display the Properties window.

5. Select the Security Window.

6. By default, the permission for Authenticated Users is Read.

7. If the user you selected does not have Read access, grant that user Read access.

8. Click Apply and then click OK.
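
The comparison in the steps above can also be scripted across both groups of accounts. The following PowerShell is an added example, not part of the manual or of SAML Bridge; it assumes the ActiveDirectory module (RSAT) is installed, and the account names are constructed placeholders.

```powershell
# Added example (not from the manual). Account names are constructed placeholders.
Import-Module ActiveDirectory   # also provides the AD: drive used by Get-Acl

$groups = [ordered]@{
    Impersonated    = @('jsmith', 'adoe')      # placeholder: impersonation works
    NotImpersonated = @('bnguyen', 'cpatel')   # placeholder: impersonation fails
}

$authUsersSid = 'S-1-5-11'   # well-known SID of Authenticated Users
$readMask     = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$inheritOnly  = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-AuthUsersRead {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName
    $acl  = Get-Acl -Path ("AD:\" + $user.DistinguishedName)

    # Ask for SIDs so the match does not depend on localized group names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $authUsersSid -and
            $_.ObjectType -eq [guid]::Empty -and                      # whole-object ACEs only
            (([int]$_.PropagationFlags -band $inheritOnly) -eq 0)     # ACE applies to this object
        }

    # Accumulate the rights granted and denied to Authenticated Users.
    $allow = 0; $deny = 0
    foreach ($r in $rules) {
        if ($r.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$r.ActiveDirectoryRights }
        else                                  { $deny  = $deny  -bor [int]$r.ActiveDirectoryRights }
    }

    [pscustomobject]@{
        Account      = $SamAccountName
        AllowsRead   = (($allow -band $readMask) -eq $readMask)   # full Read granted
        DenyOverlaps = (($deny  -band $readMask) -ne 0)           # a Deny ACE removes part of Read
    }
}

foreach ($name in $groups.Keys) {
    foreach ($account in $groups[$name]) {
        Get-AuthUsersRead -SamAccountName $account |
            Select-Object @{ n = 'Group'; e = { $name } }, Account, AllowsRead, DenyOverlaps
    }
}
```

The script only reports. Accounts in the second group that show `AllowsRead` as False or `DenyOverlaps` as True are the ones to correct in the Properties window as described in the steps.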

More Troubleshooting Steps

For more troubleshooting steps, visit the SAML Bridge wiki (http://code.google.com/p/google-saml-bridge-for-windows/wiki/SAMLBridgeFAQsTroubleshooting).

Authorize Content with SAML Bridge

Although SAML Bridge can also be used to authorize content that resides on web servers, this is no
longer a common use for it. If you will be using SAML Bridge for authorization because your
environment requires it as described in the “Overview” on page 5, follow the steps in this section to meet
the prerequisites for installing and configuring it.

The following process describes the role of SAML Bridge in the lifecycle of a search query when SAML
Bridge is used for authorization:

1. A user creates a search query that includes secure content.

2. The search appliance authenticates the user and passes the verified identity to the authorization process.

3. The search appliance determines the search results for the user. If the results include secure content, the search appliance uses the Authorization SPI to send an authorization request to SAML Bridge. SAML Bridge then verifies the user's permissions to view the results.
