Saml batch authorization requests – Google Search Appliance Authentication/Authorization for Enterprise SPI Guide User Manual
Page 25
Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide
25
The following is an example of a possible response from the Policy Decision Point:
HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: nnn
IssueInstant="2010-07-16T02:05:08Z" Version="2.0" IssueInstant="2010-07-16T02:05:08Z" Version="2.0"> myauthn user1 Resource=" http://content2.yourdomain.com/doc.html"> GET
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
SAML Batch Authorization Requests
SAML batch authorization requests enable the search appliance to cache authorization requests for
users. For each user who performs a search query that involves secure content, the search appliance
first determines the relevant URLs and then determines whether the user has access to the content. The
search appliance makes an authorization request to the appropriate web servers and then stores the
authorization data. The search appliance uses the cached authorization information for subsequent
searches, making those searches faster.
You can use batched SAML authorization requests if your SAML provider supports the Google SAML
batch authorization extension. If not, do not use batched SAML authorization requests.
1.
You can enable this feature in the Admin Console on the Serving > Access Control page in the
Authorization SPI section.