beautypg.com

Google Search Appliance Configuring GSA Unification User Manual

Page 12

background image

Google Search Appliance: Configuring GSA Unification

12

The following table tells you how to configure the primary and secondary search appliances for
delegated authorization. Note that forms authentication with IP binding, in which the authentication
cookie is restricted to a single IP address, is not supported.

Type of User
Authentication

How the User is
Authenticated and Results
are Authorized

What to do on the Primary Search
Appliance

What to do on the
Secondary Search
Appliances

HTTP Basic
and NTLM
HTTP for
public serve

Results are public and
authorization is not
required.

Check the Make Public check
box on the Crawl and Index >
Crawler Access page on the
search appliance where the
content is crawled.

Check the Make Public
check box on the
Crawl and Index >
Crawler Access page
on the search
appliance where the
content is crawled.

HTTP Basic, or
NTLM HTTP
for secure
serve

User logs in to network
domain. Credentials
for authorization are
collected on the
Universal Login Form
page and search
results are authorized
using head requests.

Configure the required
credential groups for content
crawled on both the primary
and secondary search
appliance. Configure settings on
the HTTP tab on Serving >
Universal Login Auth
Mechanisms.

If the content is
crawled on the
secondary search
appliance, set Crawler
Access and Crawl URL
patterns. Configure the
required credential
group and settings on
the HTTP tab on
Serving > Universal
Login Auth
Mechanisms.

Cookie site or
forms-based
authentication
for public
serve

Serve is public. No
result authorization at
serve time required.

N/A

N/A

Forms-based
authentication
for secure
serve

Users provide
credentials on the
Universal Login Form
configured on the
primary search
appliance. This process
generates a cookie. The
primary search
appliance shares the
cookie with the
secondary search
appliances, which use
the cookie for
authorization using the
head requestor.

Ensure that the primary search
appliance shares the domain
name with the source. Ensure
that the secondary search
appliances have access to the
cookie generated on the
primary search appliance.
Configure the required
credential group for content
crawled on both the primary
and secondary search
appliance, and configure the
Cookie tab on Serving >
Universal Login Auth
Mechanisms.

Configure with role
account and forms
authentication for
crawling, but ensure
that secondary search
appliances can use the
same cookie generated
on the primary search
appliance for head
requests. Configure the
required credential
group and settings on
the Cookie tab on the
Serving > Universal
Login Auth
Mechanisms page.

See also other documents in the category Google Software: