Granting permissions for the saml bridge log file – Google Search Appliance Enabling Windows Integrated Authentication version 7.2 User Manual


Google Search Appliance: Enabling Windows Integrated Authentication


Verifying the Configuration in IIS 7 of the SAML Bridge Application Pool

This process verifies that the Application Pool Identity for SAML Bridge is Network Service.

1. In the IIS Manager tree view, click to expand Application Pools.

2. Select the name of the application pool that was configured for SAML Bridge and select Advanced Settings from the Actions pane.

3. Under Process Model, verify that the value of Identity is set to Network Service.

4. Click OK to close the dialog box.

Next, configure the IdP endpoint in IIS for SAML Bridge.

Configuring the IdP Endpoint in IIS for SAML Bridge

SAML Bridge supports both POST Binding, which is recommended, and Artifact Binding. As a SAML IdP,
SAML Bridge uses different endpoints for these binding types. The endpoint is where the search
appliance redirects the client to be authenticated. For POST Binding, Post.aspx is the authentication
endpoint. For Artifact Binding, Login.aspx is the authentication endpoint.

To configure the IdP endpoint so that the user’s browser sends Windows login credentials for
authentication:

1. In the IIS Manager under Web Sites, select saml-bridge.

2. Select the Content view.

3. Select the appropriate endpoint:

   - If you are using POST Binding (recommended), select Post.aspx.

   - If you are using Artifact Binding, select Login.aspx.

4. In the Actions pane, click Switch to Features view, which displays either the Post.aspx home or Login.aspx home, depending on the endpoint you previously selected.

5. Double-click the Authentication icon.

6. Select Anonymous Authentication and click Disable in the Actions pane.

7. Select Windows Authentication and click Enable in the Actions pane.

The endpoint file is treated differently from other files in SAML Bridge. The endpoint file identifies users
by enabling authentication. Other files (in particular, Resolve.aspx and Authz.aspx used for Artifact
Binding and authorization) must allow anonymous access in the virtual directory.
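
The following read-only PowerShell script is an added example, not part of the Google manual. It uses the IIS WebAdministration module to check the settings from the two procedures above: the application pool identity and the per-file authentication state. The application pool name is a placeholder and the saml-bridge location path is an assumption; adjust both for your deployment.

```powershell
# Added example: read-only audit of the SAML Bridge IIS settings described above.
param(
    [string]$Location = 'saml-bridge',            # assumed site (or site/vdir) path
    [string]$AppPool  = '<saml-bridge-app-pool>', # placeholder: pool name is not given in the manual
    [ValidateSet('Post', 'Artifact')]
    [string]$Binding  = 'Post'
)
Import-Module WebAdministration

# POST Binding authenticates at Post.aspx, Artifact Binding at Login.aspx.
$endpoint = if ($Binding -eq 'Post') { 'Post.aspx' } else { 'Login.aspx' }

# Expected state: the endpoint authenticates users, the helper pages stay anonymous.
# Windows = $null means the manual states no requirement for that file.
$expected = @(
    @{ File = $endpoint;      Anonymous = $false; Windows = $true }
    @{ File = 'Resolve.aspx'; Anonymous = $true;  Windows = $null }
    @{ File = 'Authz.aspx';   Anonymous = $true;  Windows = $null }
)

function Get-AuthEnabled([string]$Path, [string]$Scheme) {
    $p = @{
        PSPath   = 'MACHINE/WEBROOT/APPHOST'
        Location = $Path
        Filter   = "system.webServer/security/authentication/$Scheme"
        Name     = 'enabled'
    }
    (Get-WebConfigurationProperty @p).Value
}

$results = @(foreach ($e in $expected) {
    $path = "$Location/$($e.File)"
    $anon = Get-AuthEnabled $path 'anonymousAuthentication'
    $win  = Get-AuthEnabled $path 'windowsAuthentication'
    $ok   = ($anon -eq $e.Anonymous) -and ($null -eq $e.Windows -or $win -eq $e.Windows)
    [pscustomobject]@{ Check = $path; Anonymous = $anon; Windows = $win; Pass = $ok }
})

# The manual requires the pool to run as Network Service.
$identity = (Get-Item "IIS:\AppPools\$AppPool").processModel.identityType
$results += [pscustomobject]@{
    Check = "AppPool $AppPool identity = $identity"; Anonymous = $null; Windows = $null
    Pass  = ($identity -eq 'NetworkService')
}
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session on the IIS host; a non-zero exit code means at least one setting differs from what the manual describes.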

Granting Permissions for the SAML Bridge Log File

To grant permission for users to write to the SAML Bridge log file:

1. Right-click the saml-bridge web site in IIS and select Explore.

2. Right-click the ac.log file and select Properties.

3. In the Security tab, click Add.... The Select Users, Computers or Groups dialog box appears.

4. Click Check Names. The saml-bridge web site is mapped to everyone in the current domain.
