Installing the saml bridge – Google Search Appliance Enabling Windows Integrated Authentication version 6.8 User Manual

Google Search Appliance: Enabling Windows Integrated Authentication

11

Granting the “Act as Part of the Operating System” Privilege

When the search appliance sends an authorization request with a user name, the SAML Bridge can
generate a Windows token by impersonation, but it can use the token to access remote resources only if
it has the privilege “Act as part of the operating system.” The Network Service that represents the
identity of the SAML Bridge Application Pool must now be configured to act as part of the operating
system, if it is not already configured that way.

In some environments, you can’t configure a host individually, because the domain controller sets
security settings for all hosts in the domain. If your environment is set up that way, you’ll need to get
access to the domain controller or to ask its administrator to perform this configuration.

If you can configure the SAML Bridge host, do the following:

1.

Open Control Panel > Administrative Tools > Local Security Settings.

2.

In the left panel, select Security Settings > Local Policies > User Rights Assignment.

3.

Open Act as part of operating system.

4.

In the Act as part of the operating system Properties dialog box, click Add User or Group.

5.

In the Add User or Group dialog box, enter Network Service and click OK. The Act as part of the
operating system Properties dialog box reappears, with Network Service in the box.

6.

Click OK to close the Properties dialog box.

Installing the SAML Bridge

You can install the SAML Bridge on any IIS server that meets the prerequisites described above.

To install the SAML Bridge:

1.

Start a web browser and navigate to

http://code.google.com/p/googlesearchapplianceconnectors/

downloads/list

.

2.

Download the most recent version of Google Search Appliance Resource Kit for SharePoint package
for your operating system (x86 or x64).

3.

Unzip the package.

4.

Locate the installer, which is the file with the extension msi.

5.

Double-click the installer file. The Welcome screen is displayed.

6.

Click Next.

7.

On the Installer Type panel, select Custom and click Next. On the Custom Setup panel, the SAML
Bridge is part of the GSA Resource Kit for SharePoint.

8.

Select GSA Resource Kit for SharePoint.

9.

Click Next.

10. Enter the correct port number. The installer creates a web site in IIS with the port number you

enter.

11. Click Install. After the installation process is complete, a web site named gsa-resource-kit is

created with two virtual directories, gsa-simulator and saml-bridge.