beautypg.com

Managing serve of controlled-access content, Configuring serve of controlled-access content – Google Search Appliance Getting the Most from Your Google Search Appliance User Manual

Page 20

background image

Google Search Appliance: Getting the Most from Your Google Search Appliance

Crawling and Indexing

20

Managing Serve of Controlled-Access Content

When a user issues a search request for controlled-access content, the search appliance verifies the
user’s identity and determines whether the user has authorization to view the content. This check is
performed before the search appliance displays any content in search results. By performing the results
access control checks in real-time, the Google Search Appliance ensures that users only see results they
are authorized to view.

A search appliance can use the following methods to establish the user’s identity:

HTML Forms-based Authentication

HTTP Basic or NTLM HTTP

Client Certificates

IWA (Integrated Windows Authentication) / Kerberos authentication against a domain controller.

The SAML Authentication and Authorization Service Provider Interface (SPI)

Connectors

LDAP

Once the user’s identity has been established, a search appliance attempts to determine whether the
user has access to the secure content that matches their search. The search appliance performs
authorization checks by applying flexible authorization rules. You can configure rules for:

Cache

Connectors

Deny

Headrequest

Policy Access Control List (ACL)

SAML

Per-URL ACL

The search appliance applies the rules in the order in which they appear in the authorization routing
table on the Serving > Flexible Authorization page.

If the authorization check is successful, the secure content that matches the search query is included in
the user’s search results.

Configuring Serve of Controlled-Access Content

The process for configuring serve of controlled-access content is dependent on the security method you
want to use, as described in the following list:

To configure a search appliance to perform forms authentication, use the Serving > Universal
Login Auth Mechanisms > Cookie page.

To configure a search appliance to perform HTTP Basic or NTLM HTTP authentication, use the
Serving > Universal Login Auth Mechanisms > HTTP page.

To configure the search appliance to require X.509 Certificate Authentication for search requests
from users, use the Serving > Universal Login Auth Mechanisms > Client Certificate page.

See also other documents in the category Google Software: