beautypg.com

Multiple cookie domains – Google Search Appliance Managing Search for Controlled-Access Content User Manual

Page 22

background image

Google Search Appliance: Managing Search for Controlled-Access Content

22

To add a credential group rule for cookie-based authentication:

1.

Click Serving > Universal Login Auth Mechanisms > Cookie.

2.

Select a credential group from the pull-down menu.

3.

Optionally, click When sample URL check fails, expect the sample page to redirect to a form
and log in to that form.

4.

In the Mechanism Name box, type a unique name for the authentication mechanism. A
mechanism name must not be the same as another mechanism name or credential group name.
Mechanism names are case-sensitive and can be up to 200 characters long, and can contain only
alphanumeric characters, underscores, and hyphens. A name cannot begin with a hyphen.

5.

Type a sample URL for the site in the Sample URL box.

6.

Optionally, change the default time for the search appliance to make a network connection by
entering the number of seconds in the Timeout box.

7.

Optionally, type a URL in the Redirect URL box.

8.

Optionally, type the number of seconds that the verification of user credentials will be trusted in
the Trust Duration box.

9.

Click Save.

For more information about how to configure a credential group for cookie-based authentication, click
Help Center > Serving > Universal Login Auth Mechanisms > Cookie.

Multiple Cookie Domains

The Google Search Appliance can work with Cookie Provider of Computer Associates SiteMinder Web
Access Manager in supporting multiple cookie domains.

For example, suppose your organization has the following two web servers hosted in different DNS
domains:

Web server A hosts Accounts.com

Web server B hosts Investments.com

Authentication and authorization for web server A and web server B are controlled by disparate
SiteMinder SSO servers. The Google Search Appliance is deployed in domain Accounts.com.

When a user performs a search against the Google Search Appliance, she provides her username and
password to get access to the protected content. After the user is authenticated, SiteMinder Web Access
Manager issues a set of session cookies that includes one cookie for the Accounts.com domain and
another cookie for the Investments.com domain. In other words, the user logs in once, to
Accounts.com, and through SiteMinder cross-domain single sign-on, she gains access to both
Accounts.com and Investments.com.

The Google Search Appliance recognizes these correlated cookie domains and keeps the cookies
synchronized.

See also other documents in the category Google Software: