beautypg.com

Managing serve of controlled-access content, Configuring serve of controlled-access content – Google Search Appliance Getting the Most from Your Google Search Appliance User Manual

Page 21

background image

Google Search Appliance: Getting the Most from Your Google Search Appliance

Crawling and Indexing

21

Managing Serve of Controlled-Access Content

When a user issues a search request for controlled-access content, the search appliance verifies the
user’s identity and determines whether the user has authorization to view the content. This check is
performed before the search appliance displays any content in search results. By performing the results
access control checks in real-time, the Google Search Appliance ensures that users only see results they
are authorized to view.

A search appliance can use the following methods to establish the user’s identity:

HTML Forms-based Authentication

HTTP Basic or NTLM HTTP

Client Certificates

IWA (Integrated Windows Authentication) / Kerberos authentication against a domain controller.

The SAML Authentication and Authorization Service Provider Interface (SPI)

Connectors

LDAP

Once the user’s identity has been established, a search appliance attempts to determine whether the
user has access to the secure content that matches their search. The search appliance performs
authorization checks by applying flexible authorization rules. You can configure rules for:

Cache

Connectors

Deny

Headrequest

Policy Access Control List (ACL)

SAML

Per-URL ACL

File system (SMB)

The search appliance applies the rules in the order in which they appear in the authorization routing
table on the Search > Secure Search > Flexible Authorization page.

If the authorization check is successful, the secure content that matches the search query is included in
the user’s search results.

Configuring Serve of Controlled-Access Content

The process for configuring serve of controlled-access content is dependent on the security method you
want to use, as described in the following list:

To configure a search appliance to perform forms authentication, use the Search > Secure Search
> Universal Login Auth Mechanisms > Cookie page.

To configure a search appliance to perform HTTP Basic or NTLM HTTP authentication, use the
Search > Secure Search > Universal Login Auth Mechanisms > HTTP page.

See also other documents in the category Google Software: