Google logo
Google Search Appliance Documentation
Managing Search for Controlled-Access Content
 PDF Previous Next
Front Matter
Overview
Crawl, Index, and Serve
Use Cases with Public and Secure Serve for Multiple Authentication Mechanisms
Cookie-Based Authentication Scenarios
Using Trusted Applications
Index

Index

A
Active Directory 30
Administration > Certificate Authorities page 14, 27
Administration > LDAP Setup page 36
Administration > SSL Settings page 14, 27, 39
aes128-cts-hmac-sha1-96 encryption 28
aes256-cts-hmac-sha1-96 encryption 28
allow decision, authorization 42
API, policy ACL 43
applications, trusted 81–86
arcfour-hmac encryption 28
artifact binding, HTTP 34
artifact resolver URL 34
authentication
client certificate-based 27–28
connectors 35–36
cookie-based 23–25
description 9
HTTP-based 25–26
Kerberos-based 28–33
LDAP 36–38
methods 17–40
SAML 34–35
silent 39
authorization
description 9
flexible authorization 41–42
per-URL ACLs 42
policy ACLs 42
with Kerberos authentication 29
C
CACHE, flexible authorization 41
Cams 11
CIFS file share 7
client certificate-based authentication
description 27–28
enabling 27
silent authentication 39
coarse-grained URL rules 45
connectors
authentication 35–36
connector manager 55
flexible authorization 41
instance 55
Kerberos 29
per-URL ACLs 43
use case 60–62
verified identity 76
content
public status 15
secure results in public search 16
secure status 15
secure vs. public 15–17
Content Sources > Diagnostics > Crawl Status page 57
Content Sources > Web Crawl > Crawl URLs page 49
Content Sources > Web Crawl > Secure Crawl > Crawler Access page 12, 25, 53, 56, 57, 62, 78
Content Sources > Web Crawl > Secure Crawl > Forms Authentication page 11, 13, 15, 56, 57, 58, 78, 79
Content Sources > Web Crawl > Start and Block URLs page 11, 13, 49, 53, 57, 78, 79
cookie cracking 40, 69, 76
cookie-based authentication
cookie-cracking 69
description 23–25
multiple cookie domains 24
redirect URL 23, 68
sample URL 23, 68
scenarios 66–80
serve method 7, 8
silent authentication 39, 69
use case 55–59
crawl
cookie-based access 11
document headers 43
HTTP Basic 12
Kerberos 13
NTLM HTTP 12
over HTTPS 14
per-URL ACLs 43
SAML 13
secure content 10–15
use case 53, 56
crawler access 9, 53, 56
credential groups
client certificate-based authentication 27–28
configuring 22
connectors 35–36
cookie-based authentication 23–25
creating 21–22
default 21
description 18
group is optional option 22
HTTP-based authentication 25–26
Kerberos-based authentication 28–32
LDAP 36–38
name 60
require a user-name option 21
SAML 34–35
satisfaction 20
D
default credential group 21
deny decision, authorization 42
DENY, flexible authorization 41
des3-cbc-sha1 encryption 28
des-cbc-md5 encryption 28
E
earch > Secure Search > Trusted Applications page 84
encryption methods 28
exact-match URL rules 44, 45
F
feeds
web 53
with per-URL ACLs 43
file shares, SMB or CIFS 7
flexible authorization
allow decision 42
deny decision 42
indeterminate 42
rules 41
supported authorization mechanisms 41
using 41–42
follow and crawl URLs 53, 57
force secure connections when serving 39
forms authentication
crawl method 7, 8
use case 56–58
G
group is optional option 22
group lookup 38
H
HEADREQUEST, flexible authorization 41
HTTP
artifact binding 34
header, cookie cracking 40, 70
POST binding 34
HTTP Basic
crawl configuration 78
crawl method 7, 8
HTTP-based authentication
description 25–26
serve method 7
use case 52–55
HTTPS
crawl 54
enable crawl and serve 14
serve 12
serve with HTTP Basic and NTLM HTTP 39
I
Identity Provider
description 34
public key 34
indeterminate decision 42
index
excluding content 49
secure content 10
Integrated Windows Authentication 7
Internet Explorer, configuring for Kerberos authentication 32
K
Kerberos-based authentication
access method 7
configuring a search appliance 29
configuring Internet Explorer 32
configuring web browsers 32
cross-domain access 29
description 28–33
KDC 30
keytab file 30, 63
rc4 encryption 30
seach by authorized users 63
seach by unauthorized users 65
serve method 7
silent authentication 39
SMB 28
supported authorization mechanisms 29
supported encryption methods 28
use case 62–65
Windows content sources 28
Key Distribution Center (KDC) 30, 63
L
late binding 48
LDAP
enabling on a search appliance 38
integrating with a search appliance 36
LDAP-based authentication
description 36–38
group lookup 38
serve method 7
M
Make Public checkbox 15, 53, 55, 56, 62
metadata and per-URL ACLs 43
Microsoft IIS server 54, 55, 58, 62
multiple cookie domains 24
N
NTLM authentication 7, 26, 79
NTLM HTTP
crawl method 7, 8
use case 52–55
O
Oracle Access Manager 11
P
Page Layout Helper 16, 50
perimeter security 40
per-URL ACLs
connectors 43
description 42
document headers 43
feeds 43
flexible authorization 41
late binding 48
metadata 43
policy ACLs
adding 45
Allowed Users or Groups 45
API 43
coarse-grained URL rules 45
configuration files 46
credential groups 48
deleting 46
description 42
exact-match URL rules 44
general URL patterns 45
group lookup 38
late binding 48
matching prefix patterns 45
methods for adding to the index 43
rules 44
searching 47
URL Pattern to Protect 44
using verified identity from Kerberos 29
verified identity 76
POLICY, flexible authorization 41
POST binding, HTTP 34
POST request 86
primary verified identity 19
public key, Identity Provider 34
public search results 16
public status of content 15
R
rc4 encryption 28, 30
redirect to a SSO login form 68
redirect URL 23, 68
redirect URL authentication 69
removing secure content from the index 49
require a user-name option 21
return URL parameter 69
S
SAML authentication
artifact resolver URL 34
authentication SPI 34
description 34–35
HTTP artifact binding 34
HTTP POST binding 34
Identity Provider 34
silent authentication 39
SAML authorization
flexible authorization 41
Kerberos 29
verified identity 76
sample URL 23, 25, 68, 75, 77
Search > Search Features > Front Ends page 49
Search > Secure Search > Flexible Authorization page 41
Search > Secure Search > Policy ACLs page 43, 45, 46, 47
Search > Secure Search > Universal Login Auth Mechanisms > Client Certificate page 28
Search > Secure Search > Universal Login Auth Mechanisms > Connectors page 35, 61
Search > Secure Search > Universal Login Auth Mechanisms > Cookie page 23, 58, 67–79
Search > Secure Search > Universal Login Auth Mechanisms > HTTP page 25
Search > Secure Search > Universal Login Auth Mechanisms > Kerberos page 31, 63
Search > Secure Search > Universal Login Auth Mechanisms > LDAP page 38
Search > Secure Search > Universal Login Auth Mechanisms > SAML page 34, 35
Search > Secure Search > Universal Login Form Customization page 49, 50
Search > Secure Search > Universal Login page 21, 22, 40, 60
search results
excluding content 48
public 16
secure 55
secure status of content 15
serve
no results without user authentication 40
over HTTPS 14
perimeter security 40
silent authentication 39, 69, 77
single sign-on systems 11, 55, 68
SiteMinder 11, 24
SMB file share 7
SSL certificate 27
start URLs 53, 57
T
trusted applications 81–86
U
Universal Login
description 17–22
perimeter security 40
Universal Login Form
cannot use 72, 74
customizing 49–51
description 20
use case 59, 61
URL Pattern to Protect 44
URLs
follow and crawl 53
start 53
V
verified identity 19, 38, 74, 76
W
web feed 53
Windows Authentication 54, 58
Windows Domain Controller (DC) 63
X
X.509 certificate 27
X-Groups header 40, 70, 77
X_GSA_CREDENTIAL_GROUP
header 85
X-GSA-External-Metadata HTTP header 43
X_GSA_USER
header 84
XSLT Stylesheet Editor 16
X-Username header 40, 70, 77

Back to top

PDF Previous Next