Process overview of scenario 4 – Google Search Appliance Managing Search for Controlled-Access Content User Manual
Process Overview of Scenario 4
The following diagram provides an overview of the cookie authentication process in scenario 4. For
explanations of the numbers in the process, see the steps following the diagram.
1. The user requests a secure search.
2. The browser sends a GET message to the search appliance.
3. The search appliance checks its own session cookie to find out if authentication was previously completed.
   The search appliance sets a session cookie the first time a browser requests a secure search.
4. If the search appliance’s session cookie is still valid, the authentication phase is complete.
   If the search appliance’s session cookie is not valid, the search appliance sends a redirect response that includes a return URL parameter to the browser (see “Return URL Parameter” on page 70). This action forces the user to visit the Redirect URL.
5. The browser sends a GET message with the return URL parameter to the Redirect URL.
6. The user interacts with the Redirect URL and gets a cookie.
7. The Redirect URL sends a redirect response with a cookie to the browser.
8. The browser redirects to the search appliance.
9. The search appliance assumes that authentication was successful and uses any cookies sent by the Redirect URL in HEAD requests.
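The nine steps above, modelled as a small Python simulation (an added example, not code from the manual or from the search appliance). The host names, the `returnPath` parameter name, the cookie names, the pending/authenticated session states and the return-host check in the Redirect URL are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlparse, parse_qs

APPLIANCE = "https://gsa.example.com/search?q=report"  # hypothetical appliance URL
REDIRECT_URL = "https://sso.example.com/login"         # hypothetical Redirect URL
RETURN_PARAM = "returnPath"    # assumed name of the return URL parameter
SESSION = "APPLIANCE_SESSION"  # assumed name of the appliance's own session cookie

class Appliance:
    def __init__(self):
        self.sessions = {}  # session id -> "pending" | "authenticated"

    def get(self, url, cookies):
        sid = cookies.get(SESSION)
        if self.sessions.get(sid) == "pending":
            self.sessions[sid] = "authenticated"  # step 9: success is assumed, not verified
        if self.sessions.get(sid) == "authenticated":
            forwarded = {k: v for k, v in cookies.items() if k != SESSION}
            return {"status": 200, "head_request_cookies": forwarded}
        sid = f"s{len(self.sessions) + 1}"  # step 3: first secure search sets the cookie
        self.sessions[sid] = "pending"
        location = REDIRECT_URL + "?" + urlencode({RETURN_PARAM: url})
        return {"status": 302, "location": location, "set_cookie": {SESSION: sid}}  # step 4

def redirect_url_get(url, cookies):
    """Steps 5-7: the user logs in, then the browser is sent back with a cookie."""
    target = parse_qs(urlparse(url).query)[RETURN_PARAM][0]
    if urlparse(target).netloc != urlparse(APPLIANCE).netloc:
        return {"status": 400}  # added hardening: only return to the known appliance host
    return {"status": 302, "location": target, "set_cookie": {"SSO": "token-for-alice"}}

def browse(appliance, url, max_hops=5):
    """Steps 1-2 and 8: a browser with a single cookie jar (shared parent domain assumed)."""
    jar, trace = {}, []
    for _ in range(max_hops):
        host = urlparse(url).netloc
        handler = appliance.get if host == urlparse(APPLIANCE).netloc else redirect_url_get
        resp = handler(url, dict(jar))
        jar.update(resp.get("set_cookie", {}))
        trace.append((host, resp["status"]))
        if resp["status"] != 302:
            return resp, trace, jar
        url = resp["location"]
    raise RuntimeError("redirect loop")
```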
Scenario 5: Necessary Cookie is Available for Getting a Verified Identity
In scenario 5, a verified identity is required for use with policy ACLs, SAML Authorization, or connectors. The system is set up so that the search appliance never forces the user to log in, but the necessary cookie is available to the search appliance. In this scenario, a portal always forces the user to log in and the search appliance gets the cookie from the portal.
Because the user is already logged in before sending a request to the search appliance, the only way to get a verified identity is by using cookie cracking (see “Cookie Cracking” on page 70).