Universal login form, Credential group satisfaction – Google Search Appliance Managing Search for Controlled-Access Content User Manual
Page 18
Google Search Appliance: Managing Search for Controlled-Access Content
18
Universal Login Form
After credential groups are configured, whenever a user performs a secure search, and the user is not
already authenticated, the Google Search Appliance presents the Universal Login Form, shown in the
following figure. The Universal Login Form is the primary way the search appliance gathers user
credentials (usernames and passwords). The user’s credentials are applied to all the systems in the
credential groups for which the user supplies a username and password.
The Universal Login Form can contain multiple sets of user name and password fields—one set for
each credential group.
You can use the default Universal Login Form or create one that is specific to your organization. For
more information, see “Customizing the Universal Login Form” on page 50.
Credential Group Satisfaction
The following process gives an overview of how the Universal Login Form determines if a user’s
credentials satisfy configured credential groups:
1.
The Universal Login Form checks the existing cookies that the user already has to see whether its
configured credential groups are already satisfied. The authentication mechanism can return one
of three answers: verified, rejected, or indeterminate (which usually means an error occurred and a
definitive answer couldn’t be found). If any mechanism answers “rejected,” the credential group is
not satisfied.
2.
If all credential groups are satisfied, the Universal Login Form is skipped and appropriate results
are displayed.
If only some are satisfied, the logins for those credential groups are disabled (grayed-out).
3.
The Universal Login Form presents a challenge for each configured-but-unsatisfied credential
group.
4.
The user enters her credentials for each unsatisfied credential group on the Universal Login Form.
5.
The Universal Login Form attempts to verify each provided credential, and updates which
credential groups are satisfied.