Before you begin – Google Search Appliance Authentication/Authorization for Enterprise SPI Guide User Manual
Page 4

Authentication/Authorization for Enterprise SPI Guide
The SAML Authentication and Authorization Service Provider Interfaces (SPIs) enable a Google Search
Appliance to communicate with an existing access control infrastructure via standard Security Assertion
Markup Language (SAML) messages. The Authentication and Authorization SPIs are also required to
support Windows Integrated Authentication with the Google SAML Bridge for Windows.
This document describes how to set up the Identity Provider and Policy Decision Point web services that
are required by the Authentication and Authorization SPIs.
For more information on search appliance configuration for use with these SPIs, refer to “Configuring
Crawl for the SAML Authentication and Authorization Service Provider Interface” in Managing Search for
Controlled-Access Content.
This document describes features that are available in version 6.4 and later of the search appliance.
Authentication (AuthN) is used to identify users, and authorization (AuthZ) is used to allow users access
to documents according to their credentials.
The Authorization SPI (see “Authorization” on page 18) requires web services from a Policy Decision
Point and an authentication method. The Authorization SPI can be used with any one of the following
authentication methods:
• The SAML Authentication SPI (see “Authentication” on page 6), which requires web services from an
Identity Provider
• LDAP directory service integration, including Active Directory
• X.509 certificates for user authentication
• Forms-based SSO with the cookie-cracker (see “Using Cookie Cracking” in Managing Search for
Controlled-Access Content).
Note: Authentication through LDAP integration or X.509 certificates is configured on the search
appliance. For more information on these authentication methods, refer to Managing Search for
Controlled-Access Content.
Before You Begin
To write an Identity Provider and Policy Decision Point web service, you should be familiar with these
technologies.
• XML: Extensible Markup Language.