beautypg.com

References, Troubleshooting, Using the authz log to troubleshoot problems – Google Search Appliance Authentication/Authorization for Enterprise SPI Guide User Manual

Page 31: Using xmllint to validate soap messages

background image

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide

31

References

GSA Admin Toolkit: Sample SPI for authentication and authorization [

https://code.google.com/p/

gsa-admin-toolkit/

]

SAML 2.0: [

http://www.oasis- open.org/specs/#samlv2.0

]

Google Search Appliance Universal Login with SPI: The GSA’s security-manager providing
universal login forms/SPI. [“The SAML Authentication Service Provider Interface (SPI)” in Managing
Search for Controlled-Access Content
]

XML Digital Signatures: Used for integrity protection of SAML Assertions. [

http://www.w3.org/TR/

xmldsig-core/

]

Troubleshooting

This section provides information for solving problems you might encounter with the SAML
Authentication and Authorization SPIs.

Using the AuthZ Log to Troubleshoot Problems

If you run into any issues, you can download the AuthN/AuthZ logs from the search appliance by using
the Serving > Access Control page in the Admin Console. For more information, click Help Center >
Serving > Access Control.

Using xmllint to Validate SOAP Messages

If you receive a 500 error from the search appliance during any part of the AuthN/AuthZ process, make
sure that the SOAP messages being sent to the search appliance are valid. To check if messages are
valid, use xmllint.