Secure content and public content, Or secure – Google Search Appliance Managing Search for Controlled-Access Content User Manual

Google Search Appliance: Managing Search for Controlled-Access Content

13

Secure Content and Public Content

Once controlled-access content is present in the index, the search appliance labels it as “secure” or
“public”:

•

If the content is labeled “public,” any user with access to the search appliance can view links to
content in response to a search query.

•

If the content is labeled “secure,” the search appliance must authenticate the user and verify that
the user has authorization to view the content before the search appliance includes links to the
content in the search results.

It’s important to understand that when controlled-access content is labeled as “public” in the index, it is
shown in all users’ search results. Because public search results are served from the index without
checking for authorization, users can discover all public content that the search appliance has access to,
regardless of whether they have authorization to view that content.

A user who is searching for protected content is prompted for her credentials once for each set of
authentication mechanisms that share a username and password. The user enters her credentials on
the Universal Login Form.

How a Search Appliance Labels Controlled-Access Content
Sources as Public or Secure

When crawling and indexing controlled-access content over HTTP or HTTPS, the search appliance
assigns public or secure status based on the type of crawl, and the Make Public checkbox in the Admin
Console. If the Make Public checkbox is selected on the Crawl and Index > Forms Authentication
page, content is labeled as public. When the checkbox is cleared, content is labeled as secure.

The search appliance assigns status from these pages:

•

Forms Authentication: Forms Authentication sites are controlled-access content sources that
require the search appliance to obtain a session cookie from a login form. Most commercial single
sign-on (SSO) solutions use this method of authentication. A search appliance can have multiple
Forms Authentication rules for crawl and index. Forms authentication also configures actions for
sites that require a session cookie to allow the search appliance to crawl the site.

•

Web and content feeds: the authmethod attribute for the record specifies whether content is
treated as public or secure.

•

To make feed content public, set the authmethod value to none. This is the default for content
provided by feeds.

•

To make feed content secure, set the authmethod value to ntlm, httpbasic, or httpsso.

•

Databases: All content from a database is labeled as public during serve.

•

Connectors: If the connector supports authentication and authorization, and the Make Public
checkbox is cleared, content from that connector is labeled as secure. In all other cases, content
from a connector is labeled as public. To determine whether a connector instance supports
authentication and authorization, look up Security Support in the Configuration guide for your
connector.