| Help Center
Home
Crawl and Index
Serving
Front Ends
Output Format
KeyMatch
Related Queries
Filters
Remove URLs
OneBox Modules
Query Settings
OneBox Modules
Document Preview Module
Result Biasing
Dynamic Navigation
Suggestions
Access Control
Policy ACLs
Universal Login Auth Mechanisms
Cookie
HTTP
Client Certificate
Kerberos
SAML
Connectors
LDAP
Universal Login Form Customization
Flexible Authorization
Alerts
Language Bundles
Status and Reports
Connector Administration
Social Connect
Cloud Connect
GSA Unification
GSAn
Administration
More Information
|
![]() |
![]() |
Serving > Forms Authentication
Use the Serving > Forms Authentication page to configure serve for protected documents accessed through forms authentication. To create a new forms authentication rule, go to Crawl and Index > Forms Authentication.
The Google Search Appliance can integrate with a form-based single sign-on (SSO) system. Examples of such systems are CA SiteMinder from Computer Associates (single domain only), Oracle Identity Management, and Cams from Cafesoft. The single sign-on products for which Google has tested compatibility are listed in the Guide to the Software Release, available from the Google Search Appliance help center.
When serving SSO documents, if the end user does not have a cookie or the cookie
has expired, the search appliance first challenges for credentials and then
tries to obtain a cookie by submitting credentials to an SSO server.
Before Starting this Task
Before configuring forms authentication on a search
appliance, complete the tasks listed in the following table.
| Task |
Description |
| Find an SSO server |
Determine the URL for a web page that is protected by an SSO server. The search appliance sends credential verification requests to this SSO server. |
| Create cookie rules |
Cookie rules enable the crawler to access pages that are hidden behind a login form or pages that require cookies to return the correct content. |
| Import certificates |
To serve secure content over HTTPS (recommended), you must import certificate authority (CA) certificates to allow the search appliance to authenticate each to server that is accessed over HTTPS. For information about how the search appliance uses certificate authorities, See Administration > Certificate Authorities. |
Configuring Forms Authentication
The Serve Protected Sites section of this page contains the following two options for user authentication:
- Log in against a sample protected URL
- Always redirect to an external login server
The following table describes each of these options.
| Option |
Description |
| Log in against a sample protected URL |
Authenticate by performing forms authentication on behalf of the user. The search appliance exchanges cookies between the user and the SSO system, and checks whether cookies are valid by retrieving a sample URL.
If a sample URL retrieval attempt fails, the search appliance presents the user with a copy of the SSO system's login form. Upon submission, the search appliance examines the changes in cookies, and repeats the process. |
| Always redirect to an external login server |
During authentication, always redirect the user to the SSO system at the provided URL. The SSO system either challenges the user or determines from its own cookies that the user is already logged in and does not need to be challenged.
The login server must be able to redirect the user back to the search appliance after the login sequence completes. |
To configure serve for protected documents accessed through forms authentication:
- Under Serving > Forms Authentication, select one of the following options:
- Log in against a sample protected URL
- Always redirect to an external login server
- Enter the URL that is protected by your security policy, or the URL to the external login server.
- Click Save Forms Authentication Serving Configuration.
Generating a Serving Log
When problems related to serving occur, you can generate a log that lists forms authentication traffic to use in troubleshooting. The log displays two columns of messages on the Serving > Forms Authentication page.
To enable logging, click Start Logging. To disable logging, click Stop Logging.
The following table lists logging message types.
| Message Type |
Description |
| User logins to frontends |
This log displays messages when users sign in and receive a cookie. |
| Verification of user access to secure documents |
This log displays messages when a user searches public and secure content. The headrequestor component of the search appliance verifies that the user's cookie provides access to the documents that contain the search results. For more information, see "How to use the headrequestor process," which is linked to the Google Search Appliance help center. |
These logs are useful if users are unable to view results from documents that are protected by forms authentication. Look for the following types of errors:
- In the login log, look for 401 errors (unauthorized).
- In the verification log, look for 404 errors (not found).
When you enable logging, the log displays until one megabyte of data appears. After the log displays one megabyte of data, the search appliance clears and restarts the log. To retain log data, select and copy the data from the Admin Console screen, and paste the data into a text editor.
While the search appliance is logging, performance slows, and a warning message appears at the top of the Serving > Forms Authentication page. Google recommends that you disable logging after you are done troubleshooting.
For More Information
For more information, see the following references:
|
