Google Search Appliance Documentation
Managing Search for Controlled-Access Content
Front Matter
Overview
Crawl, Index, and Serve
Use Cases with Public and Secure Serve for Multiple Authentication Mechanisms
Cookie-Based Authentication Scenarios
Using Trusted Applications
Index
Index
A
Active Directory
30
Administration > Certificate Authorities page
14,
27
Administration > LDAP Setup page
36
Administration > SSL Settings page
14,
27,
39
aes128-cts-hmac-sha1-96 encryption
28
aes256-cts-hmac-sha1-96 encryption
28
allow decision, authorization
42
API, policy ACL
43
applications, trusted
81–
86
arcfour-hmac encryption
28
artifact binding, HTTP
34
artifact resolver URL
34
authentication
client certificate-based
27–
28
connectors
35–
36
cookie-based
23–
25
description
9
HTTP-based
25–
26
Kerberos-based
28–
33
LDAP
36–
38
methods
17–
40
SAML
34–
35
silent
39
authorization
description
9
flexible authorization
41–
42
per-URL ACLs
42
policy ACLs
42
with Kerberos authentication
29
C
CACHE, flexible authorization
41
Cams
11
CIFS file share
7
client certificate-based authentication
description
27–
28
enabling
27
silent authentication
39
coarse-grained URL rules
45
connectors
authentication
35–
36
connector manager
55
flexible authorization
41
instance
55
Kerberos
29
per-URL ACLs
43
use case
60–
62
verified identity
76
content
public status
15
secure results in public search
16
secure status
15
secure vs. public
15–
17
Content Sources > Diagnostics > Crawl Status page
57
Content Sources > Web Crawl > Crawl URLs page
49
Content Sources > Web Crawl > Secure Crawl > Crawler Access page
12,
25,
53,
56,
57,
62,
78
Content Sources > Web Crawl > Secure Crawl > Forms Authentication page
11,
13,
15,
56,
57,
58,
78,
79
Content Sources > Web Crawl > Start and Block URLs page
11,
13,
49,
53,
57,
78,
79
cookie cracking
40,
69,
76
cookie-based authentication
cookie-cracking
69
description
23–
25
multiple cookie domains
24
redirect URL
23,
68
sample URL
23,
68
scenarios
66–
80
serve method
7,
8
silent authentication
39,
69
use case
55–
59
crawl
cookie-based access
11
document headers
43
HTTP Basic
12
Kerberos
13
NTLM HTTP
12
over HTTPS
14
per-URL ACLs
43
SAML
13
secure content
10–
15
use case
53,
56
crawler access
9,
53,
56
credential groups
client certificate-based authentication
27–
28
configuring
22
connectors
35–
36
cookie-based authentication
23–
25
creating
21–
22
default
21
description
18
group is optional option
22
HTTP-based authentication
25–
26
Kerberos-based authentication
28–
32
LDAP
36–
38
name
60
require a user-name option
21
SAML
34–
35
satisfaction
20
D
default credential group
21
deny decision, authorization
42
DENY, flexible authorization
41
des3-cbc-sha1 encryption
28
des-cbc-md5 encryption
28
E
earch > Secure Search > Trusted Applications page
84
encryption methods
28
exact-match URL rules
44,
45
F
feeds
web
53
with per-URL ACLs
43
file shares, SMB or CIFS
7
flexible authorization
allow decision
42
deny decision
42
indeterminate
42
rules
41
supported authorization mechanisms
41
using
41–
42
follow and crawl URLs
53,
57
force secure connections when serving
39
forms authentication
crawl method
7,
8
use case
56–
58
G
group is optional option
22
group lookup
38
H
HEADREQUEST, flexible authorization
41
HTTP
artifact binding
34
header, cookie cracking
40,
70
POST binding
34
HTTP Basic
crawl configuration
78
crawl method
7,
8
HTTP-based authentication
description
25–
26
serve method
7
use case
52–
55
HTTPS
crawl
54
enable crawl and serve
14
serve
12
serve with HTTP Basic and NTLM HTTP
39
I
Identity Provider
description
34
public key
34
indeterminate decision
42
index
excluding content
49
secure content
10
Integrated Windows Authentication
7
Internet Explorer, configuring for Kerberos authentication
32
K
Kerberos-based authentication
access method
7
configuring a search appliance
29
configuring Internet Explorer
32
configuring web browsers
32
cross-domain access
29
description
28–
33
KDC
30
keytab file
30,
63
rc4 encryption
30
seach by authorized users
63
seach by unauthorized users
65
serve method
7
silent authentication
39
SMB
28
supported authorization mechanisms
29
supported encryption methods
28
use case
62–
65
Windows content sources
28
Key Distribution Center (KDC)
30,
63
L
late binding
48
LDAP
enabling on a search appliance
38
integrating with a search appliance
36
LDAP-based authentication
description
36–
38
group lookup
38
serve method
7
M
Make Public checkbox
15,
53,
55,
56,
62
metadata and per-URL ACLs
43
Microsoft IIS server
54,
55,
58,
62
multiple cookie domains
24
N
NTLM authentication
7,
26,
79
NTLM HTTP
crawl method
7,
8
use case
52–
55
O
Oracle Access Manager
11
P
Page Layout Helper
16,
50
perimeter security
40
per-URL ACLs
connectors
43
description
42
document headers
43
feeds
43
flexible authorization
41
late binding
48
metadata
43
policy ACLs
adding
45
Allowed Users or Groups
45
API
43
coarse-grained URL rules
45
configuration files
46
credential groups
48
deleting
46
description
42
exact-match URL rules
44
general URL patterns
45
group lookup
38
late binding
48
matching prefix patterns
45
methods for adding to the index
43
rules
44
searching
47
URL Pattern to Protect
44
using verified identity from Kerberos
29
verified identity
76
POLICY, flexible authorization
41
POST binding, HTTP
34
POST request
86
primary verified identity
19
public key, Identity Provider
34
public search results
16
public status of content
15
R
rc4 encryption
28,
30
redirect to a SSO login form
68
redirect URL
23,
68
redirect URL authentication
69
removing secure content from the index
49
require a user-name option
21
return URL parameter
69
S
SAML authentication
artifact resolver URL
34
authentication SPI
34
description
34–
35
HTTP artifact binding
34
HTTP POST binding
34
Identity Provider
34
silent authentication
39
SAML authorization
flexible authorization
41
Kerberos
29
verified identity
76
sample URL
23,
25,
68,
75,
77
Search > Search Features > Front Ends page
49
Search > Secure Search > Flexible Authorization page
41
Search > Secure Search > Policy ACLs page
43,
45,
46,
47
Search > Secure Search > Universal Login Auth Mechanisms > Client Certificate page
28
Search > Secure Search > Universal Login Auth Mechanisms > Connectors page
35,
61
Search > Secure Search > Universal Login Auth Mechanisms > Cookie page
23,
58,
67–
79
Search > Secure Search > Universal Login Auth Mechanisms > HTTP page
25
Search > Secure Search > Universal Login Auth Mechanisms > Kerberos page
31,
63
Search > Secure Search > Universal Login Auth Mechanisms > LDAP page
38
Search > Secure Search > Universal Login Auth Mechanisms > SAML page
34,
35
Search > Secure Search > Universal Login Form Customization page
49,
50
Search > Secure Search > Universal Login page
21,
22,
40,
60
search results
excluding content
48
public
16
secure
55
secure status of content
15
serve
no results without user authentication
40
over HTTPS
14
perimeter security
40
silent authentication
39,
69,
77
single sign-on systems
11,
55,
68
SiteMinder
11,
24
SMB file share
7
SSL certificate
27
start URLs
53,
57
T
trusted applications
81–
86
U
Universal Login
description
17–
22
perimeter security
40
Universal Login Form
cannot use
72,
74
customizing
49–
51
description
20
use case
59,
61
URL Pattern to Protect
44
URLs
follow and crawl
53
start
53
V
verified identity
19,
38,
74,
76
W
web feed
53
Windows Authentication
54,
58
Windows Domain Controller (DC)
63
X
X.509 certificate
27
X-Groups header
40,
70,
77
X_GSA_CREDENTIAL_GROUP
header
85
X-GSA-External-Metadata HTTP header
43
X_GSA_USER
header
84
XSLT Stylesheet Editor
16
X-Username header
40,
70,
77