Set up for scenario 3, Process overview of scenario 3 – Google Search Appliance Managing Search for Controlled-Access Content User Manual

Google Search Appliance: Managing Search for Controlled-Access Content

75

Scenario 3: Cannot Use Universal Login Form and
Need Identity Verified Silently

Scenario 3 is a variation of scenario 2 (see “Scenario 2: Cannot Use Universal Login Form” on page 73).
As in scenario 2, the system cannot use the Universal Login Form. But in this scenario, you need a
verified identity to use with policy ACLs. The sample URL’s server provides the verified identity.

Set Up for Scenario 3

In scenario 3, sample URL’s server is configured for cookie cracking (see “Cookie Cracking” on page 70),
meaning that it can provide silent authentication and a verified username and/or groups for the
credential group that is associated with the sample URL.

If the search appliance does not receive a 200 response from the sample URL, the search appliance
redirects to the SSO Login Form so that the user can log in and get cookies.

For scenario 3, set up a cookie authentication rule by performing the following tasks:

•

Specify a Sample URL

•

Specify the SSO Login Form as the Redirect URL

Because the sample URL does not redirect to a login form that is compatible with the search appliance,
you do not need to check When sample URL fails, expect the sample page to redirect to a form,
and log in to that form.

Process Overview of Scenario 3

The following diagram provides an overview of the cookie authentication process in scenario 3. For
explanations of the numbers in the process, see the steps following the diagram.

1.

The user requests a secure search.

2.

The browser sends a GET message to the search appliance.