Scenario 2: cannot use universal login form, Set up for scenario 2 – Google Search Appliance Managing Search for Controlled-Access Content User Manual


4. If the search appliance’s session cookie is still valid, the authentication phase is complete.

   If the search appliance’s session cookie is not valid, the search appliance checks the content server by using the sample URL to detect whether other cookies that the browser has sent are valid.

5. If the user is logged in, the content server sends a 200 response to the search appliance and authentication is complete.

   If the user is not logged in, the content server sends a 302 redirect response to the search appliance.

6. The search appliance sends a GET message to the SSO Login Form located at the URL where it was redirected.

7. The SSO Login Form sends an empty SSO Login Form to the search appliance.

8. If the search appliance has the user credentials, it completes the SSO Login Form and sends it to the SSO system. If the search appliance does not have user credentials, it sends an empty Universal Login Form to the browser.

9. The user provides a username and password for each credential group in the Universal Login Form and submits it.

10. The browser sends the completed Universal Login Form to the search appliance.

11. The search appliance adds the username and password to the SSO Login Form and sends it to the SSO system.

12. The SSO system logs in the user, sets a cookie, and sends it with a redirect response that points the search appliance to the content server.

13. The authentication phase begins again at step 4. The search appliance checks the content server by using the sample URL to detect whether the cookie is correct.

Scenario 2: Cannot Use Universal Login Form

In scenario 2, the system cannot use the Universal Login Form. For example, if a corporate SSO login
system uses JavaScript, the Universal Login Form cannot log in to it. However, the user can be redirected
to a form where she can log in and get cookies.

Scenario 2 is similar to using the Always redirect to external login server option on the Serving > Forms Authentication page in the search appliance’s legacy authentication.

Set Up for Scenario 2

In scenario 2, if the search appliance does not receive a 200 response from the sample URL, the search
appliance redirects to the SSO Login Form so that the user can log in and get cookies.

For scenario 2, set up a cookie authentication rule by performing the following tasks:

Specify a Sample URL

Specify the SSO Login Form as the Redirect URL

Because the sample URL does not redirect to a login form that is compatible with the search appliance, you do not need to check When sample URL fails, expect the sample page to redirect to a form, and log in to that form.
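The sample-URL decision described in steps 4 and 5 and in the scenario 2 setup can be modeled as follows. This is an added example, not code from the manual or the search appliance; the class, function, cookie and URL names are hypothetical, and the content server is a constructed stand-in. It also checks that the sample URL refuses requests that carry no cookies, since a 200 response is what ends the authentication phase.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

Cookies = Dict[str, str]
# A probe fetches a URL with the browser's cookies WITHOUT following redirects
# and returns (HTTP status, Location header or None).
Probe = Callable[[str, Cookies], Tuple[int, Optional[str]]]

@dataclass
class CookieRule:  # hypothetical model of a cookie authentication rule
    sample_url: str
    redirect_url: Optional[str] = None  # scenario 2: the SSO Login Form
    login_to_form: bool = False         # scenario 1: "expect ... a form, and log in to that form"

def authenticate(rule: CookieRule, session_valid: bool, cookies: Cookies, probe: Probe):
    """One pass of the authentication phase; returns (outcome, URL or None)."""
    if session_valid:                    # step 4: appliance session cookie still valid
        return ("authenticated", None)
    status, location = probe(rule.sample_url, cookies)
    if status == 200:                    # step 5: content server accepted the cookies
        return ("authenticated", None)
    if rule.redirect_url:                # scenario 2: any non-200 sends the user to the form
        return ("redirect_browser", rule.redirect_url)
    if rule.login_to_form and status == 302 and location:
        return ("login_via_form", location)  # scenario 1, steps 6-8
    return ("denied", None)              # assumption: the manual page does not cover this case

def sample_url_is_protected(rule: CookieRule, probe: Probe) -> bool:
    """A sample URL that answers 200 without cookies would authenticate every user."""
    status, _ = probe(rule.sample_url, {})
    return status != 200

# Constructed stand-in for the content server: only a valid SSO cookie gets a 200.
SSO_FORM = "https://sso.example.com/login"

def fake_content_server(url: str, cookies: Cookies):
    if cookies.get("SSO_SESSION") == "valid-token":
        return (200, None)
    return (302, SSO_FORM)

if __name__ == "__main__":
    rule = CookieRule("https://content.example.com/sample", redirect_url=SSO_FORM)
    print(sample_url_is_protected(rule, fake_content_server))
    print(authenticate(rule, False, {}, fake_content_server))
    print(authenticate(rule, False, {"SSO_SESSION": "valid-token"}, fake_content_server))
```
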