Google Search Appliance Authentication/Authorization for Enterprise SPI Guide User Manual

GET /security-manager/samlassertionconsumer?SAMLart=emwjzal36b2dfyoc8en74xmvg9kps5qr HTTP/1.1
Host: gsa.yourdomain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 (.NET CLR 4.0.20506)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://gsa.yourdomain.com/search?site=default_collection&client=default_frontend&output=xml_no_dtd&proxystylesheet=default_frontend&proxycustom=%3CHOME/%3E
Cookie: JSESSIONID=DBF3B9029E3F442CDB78FABDFD4CFDE6; COOKIETEST=1; GSA_SESSION_ID=f233e6451746aceec55a60e1a8f9708e
[6b] [6c] The security manager gets the artifact as the SAMLart parameter’s value, and sends a SOAP
POST to the Identity Provider over a (preferably mutually authenticated) HTTPS connection:
Figure 5: Security manager requesting Artifact Resolve
POST /artifact_service HTTP/1.0
Host: idp.yourdomain.com
"_19abdb7e3ada0f44ba2935c8ab53ef54" IssueInstant="2010-07-16T02:05:06Z" Version="2.0" http://google.com/enterprise/gsa/T2-I02BQQ2PYJSJT/security-manager emwjzal36b2dfyoc8en74xmvg9kps5qr
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
The IDP receives this
artifact. Also, the Issuer field in the response must match what was configured in the security
manager’s admin console. Take special note of the ID field correlation (items in red and purple).
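
The two checks described above, as an added Python example that is not part of the original guide: it builds the SOAP-wrapped ArtifactResolve from the values shown on this page, then verifies that a response's InResponseTo (the SAML 2.0 attribute that carries the ID correlation) and Issuer match. The IDP_ISSUER value, the function names and the sample response are assumptions constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
REQ_ID = "_19abdb7e3ada0f44ba2935c8ab53ef54"      # ID shown on this page
IDP_ISSUER = "https://idp.yourdomain.com/"        # assumed admin-console value

def build_artifact_resolve(req_id, instant, issuer, artifact):
    """SOAP-wrapped samlp:ArtifactResolve (bytes) carrying the SAMLart value."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    env = ET.Element("{%s}Envelope" % NS["soap"])
    body = ET.SubElement(env, "{%s}Body" % NS["soap"])
    req = ET.SubElement(body, "{%s}ArtifactResolve" % NS["samlp"],
                        ID=req_id, IssueInstant=instant, Version="2.0")
    ET.SubElement(req, "{%s}Issuer" % NS["saml"]).text = issuer
    ET.SubElement(req, "{%s}Artifact" % NS["samlp"]).text = artifact
    return ET.tostring(env)

def check_artifact_response(xml_bytes, request_id, expected_issuer):
    """Return a list of problems; empty means the correlation checks passed.
    Signature validation of the response is a separate step, not shown."""
    resp = ET.fromstring(xml_bytes).find(".//samlp:ArtifactResponse", NS)
    if resp is None:
        return ["no ArtifactResponse element"]
    problems = []
    if resp.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match the ArtifactResolve ID")
    issuer = resp.find("saml:Issuer", NS)
    if issuer is None or (issuer.text or "").strip() != expected_issuer:
        problems.append("Issuer does not match the configured IdP")
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")
    return problems

def sample_response(in_response_to, issuer=IDP_ISSUER):
    """Constructed ArtifactResponse for the demo, not captured from an IdP."""
    return ('<soap:Envelope xmlns:soap="%s" xmlns:samlp="%s" xmlns:saml="%s">'
            '<soap:Body><samlp:ArtifactResponse ID="_constructed" Version="2.0" '
            'InResponseTo="%s"><saml:Issuer>%s</saml:Issuer><samlp:Status>'
            '<samlp:StatusCode Value="%s"/></samlp:Status>'
            '</samlp:ArtifactResponse></soap:Body></soap:Envelope>'
            % (NS["soap"], NS["samlp"], NS["saml"], in_response_to, issuer,
               SUCCESS)).encode()

if __name__ == "__main__":
    print(check_artifact_response(sample_response(REQ_ID), REQ_ID, IDP_ISSUER))
    print(check_artifact_response(sample_response("_other"), REQ_ID, IDP_ISSUER))
```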