beautypg.com

Using saml bridge with the search appliance, Silently authenticate users with saml bridge, Prerequisites for using saml bridge – Google Search Appliance Enabling Windows Integrated Authentication version 7.2 User Manual

Page 6: Installing saml bridge

background image

Google Search Appliance: Enabling Windows Integrated Authentication

6

Using SAML Bridge with the Search Appliance

It is preferable to achieve silent authentication by enabling Kerberos on the search appliance (called
“Kerberizing”). However, if your implementation requires the use of SAML Bridge for authentication (see
examples listed in the “Overview” on page 5, then SAML Bridge can be used to mediate between your
users and your Windows domain. SAML Bridge is implemented as an ASP.NET website that resides in IIS.

SAML Bridge can be used to

Silently Authenticate Users with SAML Bridge

Authorize Content with SAML Bridge

Note: Although SAML Bridge can be used to authorize content that resides on web servers, this is no
longer a common use for it. If your environment requires this, refer to “Authorize Content with SAML
Bridge” on page 15
for details.

Silently Authenticate Users with SAML Bridge

The following process describes the role of SAML Bridge in the lifecycle of a search query when SAML
bridge is used for authentication:

1.

A user performs a secure search.

2.

The search appliance redirects the user to SAML Bridge.

3.

SAML Bridge authenticates the user.

4.

The search appliance gets the user name (and domain, if configured) from SAML Bridge. This is the
verified identity.

5.

The search appliance passes the verified identity of the search user to the authorization phase.

Prerequisites for Using SAML Bridge

The following prerequisites apply to the IIS content server that hosts SAML Bridge:

IIS must be at version 6.0 or later.

To verify the version of IIS, do this: In the Start menu, choose Administrative Tools > Internet
Information Services (IIS) Manager. In the IIS Manager, choose Help > About.

The server must be running .NET Framework Version 2.0 or later. To verify the version, in the IIS
Manager tree view, under the host name, choose Web Service Extensions. In the Web Service
Extensions panel, look for ASP.NET version 2.0 or later.

Additional prerequisites apply to content servers when using SAML Bridge for Authorization. For details,
refer to “Prerequisites for Using SAML Bridge for Authorization” on page 16.

Installing SAML Bridge

You can install SAML Bridge on any IIS server that meets the prerequisites described above.