beautypg.com

Using delegated authorization – Google Search Appliance Configuring GSA Unification User Manual

Page 11

background image

Google Search Appliance: Configuring GSA Unification

11

Using Delegated Authorization

Use delegated authorization when you want authorization to be performed first on the secondary
nodes, with authorization on the primary node only when a secondary node is unable to authorize a
user to view a document.

You enable delegated authorization on the search appliance Admin Console when you set up a unified
environment. Check the Use delegated authorization checkbox on the GSA Unification > Host
Configuration page on the primary search appliance and on all secondary search appliances.

Forms-based
authentication
with user
impersonation
for secure
serve

User provides credentials
on a form configured on
the primary search
appliance. The primary
search appliance uses a
cookie for authorization
using the head requestor
for each search result
returned by a secondary
search appliance.

Configure forms
authentication for serve.

Configure form-based
authentication for
crawl.

SAML
authentication
with external
authorization
SPI

User provides credentials
on a form configured on
the primary search
appliance. The primary
search appliance uses a
cookie for authorization
using the head requestor
for each search result
returned by a secondary
search appliance.

Configure forms
authentication for serve as on
a single-search appliance
configuration.

Configure form-based
authentication for
crawl as on a single-
search appliance
configuration.

Forms-based
authentication
with external
authorization
SPI

User provides credentials
on a form configured on
the primary search
appliance. The primary
search appliance uses a
cookie for authorization
using the head requestor
for each search result
returned by a secondary
search appliance.

Configure forms
authentication for serve as on
a single-search appliance
configuration.

Configure form-based
authentication for
crawl as on a single-
search appliance
configuration.

Policy ACLs
with an LDAP
identity
provider

User logs in to network
domain. Credentials for
authorization are
collected at login time
and results are
authorized according to
rules set in policy ACLs.

Copy LDAP information and
policy ACLs from the
secondary search appliance.

Configure LDAP and
policy ACLs.

Type of User
Authentication

How the User is
Authenticated and Results are
Authorized

What to do on the Primary Search
Appliance

What to do on the
Secondary Search
Appliances

See also other documents in the category Google Software: