Google Search Appliance Authentication/Authorization for Uživatelský manuál

Google Search ApplianceAuthentication/Authorization for Enterprise SPI GuideGoogle Search Appliance software version 6.8 and laterOctober 2010

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 10HTTP/1.x 302 Moved TemporarilyServer: Apache-Coyote/1.1Set-Cookie: JS

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 11The SAMLRequest is first DEFLATE-compressed, then Base 64 encoded, th

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 12After Authentication, the IdP can either use Artifact Binding or POST

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 13GET /security-manager/samlassertionconsumer?SAMLart=emwjzal36b2dfyoc8

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 14An artifact must not be reusable. Once an artifact is dereferenced, t

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 15</samlp:ArtifactResponse></SOAP-ENV:Body></SOAP-ENV:En

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 16<form action="https://gsa.yourdomain.com/security-manager/sam

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 17With the base64 encoded form of the signed SAML Response:<samlp:Re

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 18<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#en

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 19When a user performs a search over access-controlled documents, the u

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 2Google, Inc.1600 Amphitheatre ParkwayMountain View, CA 94043www.google

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 20Here are the relevant portions of the SAML schema (see http://www.oas

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 21<element name="Subject" type="saml:SubjectType"

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 22Here are some relevant portions of the SAML schema for the response:&

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 23<element name="Assertion" type="saml:AssertionType&

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 24Since the URL found in the cache link (the cache URL pointed to by th

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 25The following is an example of a possible response from the Policy De

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 262. Enter the URL of the service so that the system can access the ser

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 27The following is an example of a message the search appliance sends t

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 28In return, the search appliance expects to receive one or more SAML R

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 29GET</saml:Action></saml:AuthzDecisionStatement></saml:

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 3ContentsAuthentication/Authorization for Enterprise SPI Guide ...

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 30SPI CallFlow DiagramThe following diagram is the complete call flow f

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 31References• GSA Admin Toolkit: Sample SPI for authentication and auth

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 32IndexSymbols&SAMLRequest= 9, 11AActiveDirectory 4Apache Axis 5Art

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide Index 33Xx.509 certificates 4XML 4, 6XML digital signature 15XML digita

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 4Authentication/Authorization for Enterprise SPI GuideThe SAML Authenti

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 5• SAML 2.0: An XML-based standard whose primary use case is inter-doma

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 6AuthenticationPurpose of the Google Search Authentication SPIWhen impl

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 7• Depending on the SAML Binding option:Artifact Binding• The Identity

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 8Assume no prior search appliance session or SSO cookie has been grante

Google Search Appliance: Authentication/Authorization for Enterprise SPI Guide 9GET /security-manager/samlauthn? SAMLRequest=fZJNT8MwDEDvSPyHKPeuHxIMR