Google Search Appliance Authentication/Authorization for Enterprise SPI Guide User Manual

GET /security-manager/samlassertionconsumer?SAMLart=emwjzal36b2dfyoc8en74xmvg9kps5qr HTTP/1.1
Host: gsa.yourdomain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 (.NET CLR 4.0.20506)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://gsa.yourdomain.com/search?site=default_collection&client=default_frontend&output=xml_no_dtd&proxystylesheet=default_frontend&proxycustom=%3CHOME/%3E
Cookie: JSESSIONID=DBF3B9029E3F442CDB78FABDFD4CFDE6; COOKIETEST=1; GSA_SESSION_ID=f233e6451746aceec55a60e1a8f9708e

[6b] [6c] The security manager gets the artifact as the SAMLart parameter’s value, and sends a SOAP
POST to the Identity Provider over a (preferably mutually authenticated) HTTPS connection:

Figure 5: Security manager requesting Artifact Resolve

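POST /artifact_service HTTP/1.0
Host: idp.yourdomain.com

<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
  <soap11:Body>
    <samlp:ArtifactResolve ID="_19abdb7e3ada0f44ba2935c8ab53ef54"
        IssueInstant="2010-07-16T02:05:06Z" Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://google.com/enterprise/gsa/T2-I02BQQ2PYJSJT/security-manager</saml:Issuer>
      <samlp:Artifact>emwjzal36b2dfyoc8en74xmvg9kps5qr</samlp:Artifact>
    </samlp:ArtifactResolve>
  </soap11:Body>
</soap11:Envelope>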

The IDP receives this request and looks up the response associated with the
artifact. Also, the Issuer field in the response must match what was configured in the security
manager’s admin console. Take special note of the ID field correlation (items in red and purple).
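
The exchange above as an added Python example (not code from this guide or from the appliance): it builds the ArtifactResolve for a received SAMLart, then checks that the ArtifactResponse carries an InResponseTo equal to the request ID and an Issuer equal to the configured IdP entity ID. The function names and the IdP entity ID passed in are assumptions, and XML signature validation is outside what it shows.

```python
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

NS = {
    "soap11": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)


def _q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)


def build_artifact_resolve(callback_url, sp_issuer):
    """Return (request_id, SOAP bytes) resolving the SAMLart in callback_url."""
    values = parse_qs(urlsplit(callback_url).query).get("SAMLart", [])
    if len(values) != 1:  # missing or repeated parameter: refuse to guess
        raise ValueError("expected exactly one SAMLart parameter")
    request_id = "_" + secrets.token_hex(16)  # unpredictable, kept for correlation
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    env = ET.Element(_q("soap11", "Envelope"))
    body = ET.SubElement(env, _q("soap11", "Body"))
    req = ET.SubElement(body, _q("samlp", "ArtifactResolve"),
                        {"ID": request_id, "IssueInstant": now, "Version": "2.0"})
    ET.SubElement(req, _q("saml", "Issuer")).text = sp_issuer
    ET.SubElement(req, _q("samlp", "Artifact")).text = values[0]
    return request_id, ET.tostring(env)


def check_artifact_response(soap_bytes, request_id, expected_idp_issuer):
    """Return the ArtifactResponse element, or raise if it does not correlate."""
    # Assumption: soap_bytes arrived over the authenticated HTTPS back channel;
    # a deployment would also use a hardened XML parser and verify signatures.
    resp = ET.fromstring(soap_bytes).find("soap11:Body/samlp:ArtifactResponse", NS)
    if resp is None:
        raise ValueError("no ArtifactResponse in SOAP body")
    if resp.get("InResponseTo") != request_id:
        raise ValueError("InResponseTo does not match the ArtifactResolve ID")
    issuer = (resp.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer != expected_idp_issuer:  # direct child only, not the inner Response
        raise ValueError("Issuer does not match the configured IdP entity ID")
    return resp
```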