![]() |
|
Help Center
Home |
Crawl and Index > Forms AuthenticationUse the Crawl and Index > Forms Authentication page to configure forms authentication rules for crawling secure access content. The Google Search Appliance can integrate with a form-based single sign-on system. Examples of such systems are Computer Associates SiteMinder (single domain only), Oracle Identity Management, and Cams from Cafesoft. The single sign-on products for which Google has tested compatibility are listed in the Guide to the Software Release, available from theGoogle Search Appliance help center. Use of an SSO server has the advantage of requiring credentials from a user only one time. The SSO server unifies the authentication process by first authenticating the user and then by authorizing the user on the web servers to which that user has access. The search appliance can securely serve pages that are protected by forms-based authentication. For more information, see Serving >Universal Login Auth Mechanisms > Cookie Based. About Forms Authentication RulesYou do not explicitly specify a forms authentication rule. Instead, you use a forms authentication login wizard to log in and the search appliance captures the information that it needs to create the rule. The crawler uses the information in the following table to get access to documents that require login.
If the URL pattern that matches the forms authentication rule includes a logout page, the search appliance attempts to crawl the logout page, which essentially results in cookie expiration. If the SSO system includes a logout page, then exclude the logout page by adding it to Do Not Crawl URLs with the Following Patterns on the Crawl and Index > Crawl URLs page. Creating a Forms Authentication RuleWhen you create a forms authentication rule, you provide an example of the protected content, and then log in, using the username and password credentials that you want the crawler to use. When you submit the login form, the search appliance captures the rule. Editing a Forms Authentication RuleAfter a rule is set up, you can edit it in any of the following ways:
If you enter an additional Authorization HTTP Header on Crawl and Index > HTTP Headers, the web server may not grant the Single Sign-On cookie when the cookie rule is executed. Notes: To set the length of time that a user's authorization for secure URLs should be kept in the search appliance authorization cache, go to Serving > Access Control. Create and Edit Forms Authentication RuleTo set up a rule for crawling pages behind a Forms Authentication login page:
To edit existing Forms Authentication rules:
To delete the Forms Authentication rule:
Certificate Authorities and Forms Authentication RulesIf HTTPS sites are used when creating a Forms Authentication rule, you might need to install their CA certificates by using the Administration > Certificate Authorities page. The search appliance does have a default certificate store for the most common Root CA certificates, but not all of them. So if your HTTPS servers are using self-signed or other CA certificates that might not be common, you might need to install those certificates. When you install any CA certificates by using the Administration > Certificate Authorities page, the default certificate store is not used. The search appliance only uses the CA certificates from Administration > Certificate Authorities. The search appliance performs strict certificate path validation during an SSL handshake. Therefore, Google recommends the following process to avoid potential failures:
Setup LogAfter you have set up an authentication rule, you will see log files for the HTTP and HTTPS output of the Forms Authentication setup. The logs show the headers that pass between the search appliance and your SSO server. You can use the logs to help troubleshoot any problems. For More InformationFor more information about forms authentication, see the following topics:
|
||||||||||
© Google Inc. |