beautypg.com

Process overview of scenario 7 – Google Search Appliance Managing Search for Controlled-Access Content User Manual

Page 81

background image

Google Search Appliance: Managing Search for Controlled-Access Content

81

Process Overview of Scenario 7

The following diagram provides an overview of the cookie authentication process in scenario 7. For
explanations of the numbers in the process, see the steps following the diagram.

1.

The user requests a secure search.

2.

The browser sends a GET message to the search appliance.

3.

The search appliance checks its own session cookie to find out if authentication was previously
completed.

The search appliance sets a session cookie the first time a browser requests a secure search.

4.

If the search appliance’s session cookie is still valid, the authentication phase is complete.

If the search appliance’s session cookie is not valid, the search appliance checks the content server
by using the sample URL to detect if other cookies that the browser has sent are valid.

5.

If the sample URL check for the user credentials is successful, the content server sends a 200
response to the search appliance and authentication is complete.

If the sample URL check is not successful, the content server sends any response except a 200 to
the search appliance.

6.

The search appliance sends a redirect response pointing to the redirect URL that includes a return
url parameter to the browser (see “Return URL Parameter” on page 70).

This action forces the user to visit the NTLM login page (redirect URL).

7.

The browser sends a GET message with the return URL parameter to the NTLM login page.

8.

The user interacts with the NTLM login page and gets a cookie.

9.

The NTLM login page sends a redirect response with a cookie to the address specified in the return
URL parameter, which leads to the search appliance.

10. The authentication phase begins again at step 4. The search appliance checks the content server by

using the sample URL to detect whether the cookie is correct.