More kerberos information – Google Search Appliance Managing Search for Controlled-Access Content User Manual
4. Under Security, select the checkbox labeled Enable Integrated Windows Authentication (requires restart). This sets the browser to use Kerberos authentication.
5. Click OK and restart Internet Explorer.
Configuring Firefox/Mozilla
To configure Firefox/Mozilla:
1. Start Firefox.
2. In the address bar at the top of the window, enter the command “about:config”.
3. Double-click network.negotiate-auth.trusted-uris. Modify this parameter to include the search appliance’s URL as a trusted URI.
4. Double-click network.negotiate-auth.delegation-uris. Modify this parameter to include the search appliance’s URL as a delegation URI.
5. If you are using a Microsoft Windows domain controller and you are running Mozilla Firefox on Microsoft Windows, verify that network.auth.use-sspi is set to true, which is its default value.
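As an added example (not part of the Google manual), the following Python script audits a Firefox prefs.js or user.js file for the three preferences set in the steps above. The appliance URL https://gsa.example.com and the sample profile are constructed assumptions; the script compares entries as exact strings and treats a scheme-only entry such as https:// as covering every site.

```python
import re

# Assumption: hypothetical appliance URL; replace with your search appliance's URL.
APPLIANCE = "https://gsa.example.com"
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$', re.M)

def parse_prefs(text):
    """Return {name: value} from prefs.js/user.js style user_pref() lines."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = raw.strip('"')  # strings unquoted, numbers kept as text
    return prefs

def audit(text, appliance=APPLIANCE):
    """Return findings for the three preferences named in the steps above."""
    prefs = parse_prefs(text)
    findings = []
    for key in ("network.negotiate-auth.trusted-uris",
                "network.negotiate-auth.delegation-uris"):
        entries = [e.strip() for e in prefs.get(key, "").split(",") if e.strip()]
        if appliance not in entries:
            findings.append(f"{key}: appliance URL missing")
        for e in entries:
            if e.endswith("://"):
                findings.append(f"{key}: scheme-only entry {e!r} covers every site")
            elif e != appliance and key.endswith("delegation-uris"):
                findings.append(f"{key}: extra delegation target {e!r}")
    # use-sspi defaults to true, so only an explicit false is a finding
    if prefs.get("network.auth.use-sspi") is False:
        findings.append("network.auth.use-sspi: set to false")
    return findings

# Constructed sample profile, not taken from a real system
SAMPLE = '''
user_pref("network.negotiate-auth.trusted-uris", "https://gsa.example.com, https://");
user_pref("network.negotiate-auth.delegation-uris", "https://gsa.example.com,https://files.example.com");
user_pref("network.auth.use-sspi", false);
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Keeping the delegation list limited to the appliance matters most, because hosts in that list can receive the user's delegated Kerberos credentials.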
Note: For more on Mozilla and integrated authentication, see
More Kerberos Information
For more information about the Google Search Appliance and Kerberos, see the following documents:
• How the Google Search Appliance uses Kerberos to Authenticate Users and to Authorize Users to See Content
• Troubleshooting Kerberos secure searches
• Google Search Appliance IWA/Kerberos test client
The SAML Authentication Service Provider Interface (SPI)
The Authentication and Authorization Service Provider Interfaces (SPIs) enable a search appliance to
communicate with an existing access control infrastructure using standard SAML messages.
This section describes the Authentication SPI. For information about the Authorization SPI, see “The
SAML Authorization Service Provider Interface” on page 47. For more detailed information about how
the Authentication and Authorization SPIs work, see the Authentication/Authorization for Enterprise SPI
Guide.
When implemented, the Authentication SPI allows search users to authenticate to the search appliance.
It is designed to allow customers to integrate the search appliance into an existing access control
infrastructure. Instead of authenticating search users itself, the search appliance redirects the user to
an Identity Provider (IP), a customer-implemented server, where the actual authentication takes place.
The IP then redirects the user back to the search appliance, while passing information that includes the
identity of the search user.
Before using the Authentication and Authorization SPI, you must configure the appliance to crawl and
index some secure controlled-access content. For more information, see “Configuring Crawl for the
SAML Authentication and Authorization Service Provider Interface” on page 11. The SPIs are only used
when a user queries for secure results.