Checking time synchronization – Google Search Appliance Enabling Windows Integrated Authentication version 6.8 User Manual
Page 22

Configuring the SAML Bridge to Communicate with the Google Search Appliance
In a previous step (see “Configuring the SAML Bridge to Communicate with the Simulator” on page 19),
you configured the SAML Bridge to communicate with the simulator. Now you must reconfigure the
SAML Bridge so that it communicates with the search appliance instead of the simulator.
1. In File Explorer, go to the subfolder saml-bridge.
2. In that folder, open the file Web.config for edit.
3. Scroll to the bottom to find
4. In the second line, change the value of log_level from debug to error.
5. Uncomment the fourth line and add comment notation to the sixth line.
6. In the fourth line, replace gsa_host with the hostname or IP address of your search appliance.
7. In the tenth line provide the value for IDP Entity ID. The IDP Entity ID is used to uniquely identify each SAML Bridge deployment. This is the same value you provided on the Admin Console > Universal Login > SAML Bridge tab in “Configuring the Search Appliance to Use the SAML Bridge” on page 17.
8. Save the file and exit.
Checking Time Synchronization
The system clock of the SAML Bridge host and the system clock of the search appliance must be
synchronized, to prevent the search appliance from invalidating authentication responses. The search
appliance treats an authentication response as invalid if the timestamp of the response is not close to
the time of the search appliance system clock.
Take measures to verify that these system clocks are synchronized.
If your environment uses the Network Time Protocol (NTP), do the following:
1. Check that an NTP server is running on your network.
2. Test that the search appliance is configured to use NTP, as follows:
   a. In the search appliance Admin Console, go to Administration > Network Settings.
   b. Make sure that the NTP server is specified.
   c. Use the Network Diagnostics box to test connectivity between the search appliance and the NTP server.
3. Check that the NTP service is running on the SAML Bridge host, on the content servers, and on the domain controller.
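
Added example (not from this manual, and not the search appliance's own logic): how a SAML consumer's timestamp check accepts or rejects the same authentication response as the verifier's clock drifts from the issuer's. The SAML 2.0 style message, the 60-second tolerance and the function names are assumptions constructed for illustration; this page does not state the appliance's actual tolerance.

```python
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response, not captured from a real SAML Bridge.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Conditions NotBefore="2024-05-01T12:00:00Z"
                     NotOnOrAfter="2024-05-01T12:00:30Z"/>
  </saml:Assertion>
</samlp:Response>"""


def parse_instant(value):
    """Parse a SAML xs:dateTime; SAML requires UTC, so reject naive values."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("timestamp has no time zone: " + value)
    return ts


def check_timestamps(xml_text, verifier_now, max_skew):
    """Return (accepted, reason, apparent_offset_seconds)."""
    root = ET.fromstring(xml_text)
    issued = parse_instant(root.get("IssueInstant"))
    # Positive offset: verifier clock ahead of the issuer, or slow delivery.
    offset = (verifier_now - issued).total_seconds()
    cond = root.find(".//saml:Conditions", NS)
    if cond is None:
        return (False, "no Conditions element", offset)
    not_before = parse_instant(cond.get("NotBefore"))
    not_on_or_after = parse_instant(cond.get("NotOnOrAfter"))
    if verifier_now + max_skew < not_before:
        return (False, "not yet valid: verifier clock behind issuer", offset)
    if verifier_now - max_skew >= not_on_or_after:
        return (False, "expired: verifier clock ahead or response delayed", offset)
    return (True, "within validity window", offset)


if __name__ == "__main__":
    issued = parse_instant("2024-05-01T12:00:00Z")
    for delta in (20, 80, 600, -600):  # verifier clock offset in seconds
        now = issued + timedelta(seconds=delta)
        print(delta, check_timestamps(SAMPLE, now, timedelta(seconds=60)))
```

The reason string distinguishes a verifier clock that runs behind the issuer from one that runs ahead, which indicates which host's NTP configuration to inspect first.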