Cookie-based authentication scenarios, Http-based authentication – Google Search Appliance Managing Search for Controlled-Access Content User Manual

Google Search Appliance: Managing Search for Controlled-Access Content

23

Cookie-Based Authentication Scenarios

Different organizations set up cookie-based authentication rules for the Google Search Appliance’s
Universal Login in a variety of different ways. The selections that you, as a search appliance
administrator, make by using the Admin Console depend on your system’s capabilities and your
organization’s requirements. For examples of setting up cookie-based authentication, see “Cookie-
Based Authentication Scenarios” on page 67.

HTTP-Based Authentication

During serve, secure content from sites that were crawled by using user accounts and passwords
entered on the Crawl and Index > Crawler Access page are handled by HTTP-based authentication.

Configuring a Credential Group for HTTP Basic or NTLM

Configure a credential group for HTTP-based authentication or NTLM by supplying a URL pattern and
sample URL on the Serving > Universal Login Auth Mechanisms >HTTP page in the Admin Console.
To configure an authentication domain that is protected by NTLM instead of HTTP Basic, click the NTLM
check box.

Sample URL

Supply a sample URL, which is any page in the protected site that all authenticated users can view. The
sample URL is used to detect whether a user has correct credentials for a particular authentication
method.

Each sample URL is checked before the Universal Login Form is presented, to determine if the user’s
initial set of cookies can “pre-satisfy” any or all credential groups. In additional, if any SSO Forms
methods are defined, the search appliance uses credentials gathered in the Universal Login Form to
gather cookies and then uses those cookies to retrieve the sample URL page. If the retrieval is
successful, the credentials are verified as correct.

For the URL pattern http://www.abcreports.com/, an example of a sample URL is http://
www.abcreports.com/status.html.

You can set up silent authentication with a sample URL page when the Require a user-name for this
credential group? option is selected on the Serving > Universal Login page by using cookie cracking.
With silent authentication, users are authenticated without being directed to a login page. For
information about this topic, see “Using Cookie Cracking” on page 37.

Adding a Credential Group Rule for HTTP Basic

To add a credential group rule for HTTP Basic authentication:

1.

Click Serving > Universal Login Auth Mechanisms > HTTP.

2.

Select a credential group from the pull-down menu.

3.

In the Mechanism Name box, type a unique name for the authentication mechanism. A
mechanism name must not be the same as another mechanism name or credential group name.
Mechanism names are case-sensitive and can be up to 200 characters long, and can contain only
alphanumeric characters, underscores, and hyphens. A name cannot begin with a hyphen.

4.

Type a sample URL for the site in the Sample URL box.

5.

Optionally, change the default time for the search appliance to make a network connection by
entering the number of seconds in the Timeout box.