Google Search Appliance
Authentication/Authorization for Enterprise SPI Guide
Google Search Appliance software version 6.8 and later
October 2010
Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide
Page 10: HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: JS
Page 11: The SAMLRequest is first DEFLATE-compressed, then Base 64 encoded, th
Page 12: After Authentication, the IdP can either use Artifact Binding or POST
Page 13: GET /security-manager/samlassertionconsumer?SAMLart=emwjzal36b2dfyoc8
Page 14: An artifact must not be reusable. Once an artifact is dereferenced, t
Page 15: </samlp:ArtifactResponse></SOAP-ENV:Body></SOAP-ENV:En
Page 16: <form action="https://gsa.yourdomain.com/security-manager/sam
Page 17: With the base64 encoded form of the signed SAML Response: <samlp:Re
Page 18: <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#en
Page 19: When a user performs a search over access-controlled documents, the u
Page 2: Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, www.google
Page 20: Here are the relevant portions of the SAML schema (see http://www.oas
Page 21: <element name="Subject" type="saml:SubjectType"
Page 22: Here are some relevant portions of the SAML schema for the response:&
Page 23: <element name="Assertion" type="saml:AssertionType&
Page 24: Since the URL found in the cache link (the cache URL pointed to by th
Page 25: The following is an example of a possible response from the Policy De
Page 26: 2. Enter the URL of the service so that the system can access the ser
Page 27: The following is an example of a message the search appliance sends t
Page 28: In return, the search appliance expects to receive one or more SAML R
Page 29: GET</saml:Action></saml:AuthzDecisionStatement></saml:
Page 3: Contents
Authentication/Authorization for Enterprise SPI Guide ...
Page 30: SPI CallFlow Diagram
The following diagram is the complete call flow f
Page 31: References
• GSA Admin Toolkit: Sample SPI for authentication and auth
Page 32: Index
Symbols
&SAMLRequest= 9, 11
A
ActiveDirectory 4
Apache Axis 5
Art
Page 33: Index
X
x.509 certificates 4
XML 4, 6
XML digital signature 15
XML digita
Page 4: Authentication/Authorization for Enterprise SPI Guide
The SAML Authenti
Page 5: • SAML 2.0: An XML-based standard whose primary use case is inter-doma
Page 6: Authentication
Purpose of the Google Search Authentication SPI
When impl
Page 7: • Depending on the SAML Binding option:
Artifact Binding
• The Identity
Page 8: Assume no prior search appliance session or SSO cookie has been grante
Page 9: GET /security-manager/samlauthn? SAMLRequest=fZJNT8MwDEDvSPyHKPeuHxIMR