Setting up serve – Google Search Appliance Managing Search for Controlled-Access Content User Manual
Page 59

Google Search Appliance: Managing Search for Controlled-Access Content
59
3.
The search appliance provides the username “ALSearch” and the password entered in the Admin
Console.
4.
The web server verifies that ALSearch has access to view documents on comp.alpha.int.
5.
The search appliance crawls through all documents on comp.alpha.int and adds them to the
index.
For content on pers.def.int, which is protected by NTLM HTTP:
1.
The search appliance connects to pers.def.int over HTTPS.
2.
The Microsoft IIS server asks for credentials using Windows Authentication.
3.
The search appliance provides an NTLM HTTP message that contains the username “ALSearch” and
a response based on the password entered in the Admin Console.
4.
The IIS server verifies that ALSearch has access to view documents on pers.def.int. The search
appliance crawls through all documents on pers.def.int and adds them to the index.
For content on http://insidealpha.com and apacheserver.alphainside.com, which are protected
by forms authentication:
1.
First, the search appliance connects to http://insidealpha.com/.
2.
The web server asks for a session cookie.
3.
the search appliance recognizes the URL pattern and provides the cookie that was set in the Admin
Console under Crawl and Index > Forms Authentication.
4.
The web server verifies that crawler has access to view documents in the controlled access
directory.
5.
The search appliance crawls through all documents on http://insidealpha.com/ and adds them
to the index. Because these documents were accessed through a forms authentication rule with
Make Public cleared, they are labeled as “secure” in the index.
6.
Next, the search appliance connects to apacheserver.alphainside.com/ and repeats steps 2
through 5 by interacting with the apache server.
When the crawl completes, the index contains content from the sources.
Setting Up Serve
To centralize serve-time authentication for the protected content, Tanya, the system administrator,
configures the Default credential group:
1.
First, to add the single sign-on server http://insidealpha.com to the credential group, Tanya
opens Serving > Universal Login Auth Mechanisms > Cookie.
Because the Default credential group is already selected, Tanya does not need to select a credential
group from the pull-down menu.
2.
Tanya types http://insidealpha.com/inside.html, a sample URL for the site, in the Sample
URL box. Options for adding another cookie-based domain appear on the page. The Default
credential group is already selected.
3.
Tanya clicks Save.
4.
Next, to add apacheserver.alphainside.com, Tanya types apacheserver.alphainside.com/
alphainsider.html, a sample URL for the content protected by a custom apache script, in the
Sample URL box and clicks Save.