beautypg.com

Google Search Appliance Configuring GSA Unification User Manual

Page 13

background image

Google Search Appliance: Configuring GSA Unification

13

Multiple
content
sources
protected by
forms auth
rules

On the Universal Login
form, URL patterns
belonging to each of
the content sources
can be mapped to a
Sample URL. The
sample url will be used
with the user name
and password the user
enters for that
credential group.

Configure one credential group
for each content source. Put the
appropriate values for URL
pattern and Sample URL in each
credential group, for content
crawled on both the primary
and secondary nodes, on the
Cookie tab on the Serving >
Universal Login Form
page.
Note that even if both the
content sources shares same
set of credentials, you must
configure two different
credential groups to map each
URL pattern to a different
Sample URL.

Configure the
credential for contents
crawled on the
secondary search
appliance.

SAML
authentication
with external
authorization
SPI

SAML assertion is
passed to the
secondary search
appliances, where the
assertion is used to
authorize the user to
view documents.

Configure the required
credential group both for
content crawled on primary and
secondary and configure the
settings on the SAML tab on the
Serving > Universal Login
Auth Mechanisms
page.

Configure the SPI.
Configure the required
credential group and
settings on the SAML
tab on the Serving >
Universal Login Auth
Mechanisms
page.

Forms-based
authentication
with external
authorization
SPI

SAML assertion is
passed to the
secondary search
appliances, where the
assertion is used to
authorize documents.

Configure the required
credential group (both for
content crawled on primary and
secondary) and settings in
Cookie tab on the Serving >
Universal Login Auth
Mechanisms
page.

Configure the SPI.
Configure the required
credential group and
settings on the SAML
page on the Serving >
Universal Login Auth
Mechanisms
page.

Kerberos
authentication

If Kerberos/IWA is
configured, silent
authentication is used
and the user is not
prompted for
credentials.

Configure Kerberos on the
Kerberos tab of the Serving >
Universal Login Auth
Mechanisms
page.

Configure Kerberos on
the Kerberos tab of
the Serving >
Universal Login Auth
Mechanisms
page.

Single
connector
using content
feeds

Authorization is
performed by the
connector.
Authentication can be
performed by
connector or by using
any standard
authentication
method, such as LDAP,
HTTP Basic, cookie-
based, SSO, and
others.

Configure the authentication
method on the Universal Login
Auth Mechanisms
page Note
that if authentication is
performed by the connector
using the connector
authentication SPI, the
connector must be configured
on the primary search
appliance as well as on any
secondary search appliances.
Use the same connector
manager name and connector
name for configuration on both
search appliances.

Configure the
connector for crawling
on the Connector
Administration
page.

Type of User
Authentication

How the User is
Authenticated and Results
are Authorized

What to do on the Primary Search
Appliance

What to do on the
Secondary Search
Appliances