Google Search Appliance Managing Search for Controlled-Ac Bedienungsanleitung Seite 1

Google Search ApplianceManaging Search for Controlled-Access ContentGoogle Search Appliance software version 7.0September 2012

Google Search Appliance: Managing Search for Controlled-Access Content 10You can specify a different set of access credentials for each URL pattern in

Google Search Appliance: Managing Search for Controlled-Access Content 11• The Crawl and Index process for content that uses HTTP Basic and NTLM HTTP

Google Search Appliance: Managing Search for Controlled-Access Content 12By default, the search appliance uses its own store of preloaded certificate

Google Search Appliance: Managing Search for Controlled-Access Content 13Secure Content and Public ContentOnce controlled-access content is present in

Google Search Appliance: Managing Search for Controlled-Access Content 14How a Search Appliance Determines What to Display in Public Search ResultsThe

Google Search Appliance: Managing Search for Controlled-Access Content 15AuthenticationServe-time authentication is the process of verifying the ident

Google Search Appliance: Managing Search for Controlled-Access Content 16The following diagram presents an overview of what happens when a user search

Google Search Appliance: Managing Search for Controlled-Access Content 17The domain www.abcreports.com uses one, unique set of credentials (user name

Google Search Appliance: Managing Search for Controlled-Access Content 18Universal Login FormAfter credential groups are configured, whenever a user p

Google Search Appliance: Managing Search for Controlled-Access Content 196. If any credential groups remain unsatisfied, the Universal Login Form is p

Google Search Appliance: Managing Search for Controlled-Access Content 2Google, Inc.1600 Amphitheatre ParkwayMountain View, CA 94043www.google.comSept

Google Search Appliance: Managing Search for Controlled-Access Content 20If this option is checked, the user is not required to type a username and pa

Google Search Appliance: Managing Search for Controlled-Access Content 21Configuring a Credential Group for Cookie-Based AuthenticationConfigure a cre

Google Search Appliance: Managing Search for Controlled-Access Content 22To add a credential group rule for cookie-based authentication:1. Click Servi

Google Search Appliance: Managing Search for Controlled-Access Content 23Cookie-Based Authentication ScenariosDifferent organizations set up cookie-ba

Google Search Appliance: Managing Search for Controlled-Access Content 246. Optionally, type the number of seconds that the verification of user crede

Google Search Appliance: Managing Search for Controlled-Access Content 252. Choose Administration > SSL Settings. Configure the search appliance to

Google Search Appliance: Managing Search for Controlled-Access Content 26• aes256-cts-hmac-sha1-96• des-cbc-md5To ensure that a search appliance uses

Google Search Appliance: Managing Search for Controlled-Access Content 27After you complete these steps, recrawl the affected content sources. The sea

Google Search Appliance: Managing Search for Controlled-Access Content 285. At the command prompt, create a keytab file for the search appliance and r

Google Search Appliance: Managing Search for Controlled-Access Content 293. Open the properties for the user. Use the Account tab for the search appli

Google Search Appliance: Managing Search for Controlled-Access Content 3ContentsChapter 1 Overview ...

Google Search Appliance: Managing Search for Controlled-Access Content 304. Optionally, to enable cross-domain access, click the Enable KDC DNS Lookup

Google Search Appliance: Managing Search for Controlled-Access Content 314. Under Security, select the checkbox labeled Enable Integrated Windows Auth

Google Search Appliance: Managing Search for Controlled-Access Content 32Configuring a Credential Group for SAML AuthenticationWhen the Google Search

Google Search Appliance: Managing Search for Controlled-Access Content 33ConnectorsYou can configure an authentication domain for a registered connect

Google Search Appliance: Managing Search for Controlled-Access Content 34Integrating the Search Appliance with an LDAP ServerIf you are not using Kerb

Google Search Appliance: Managing Search for Controlled-Access Content 3511. Test the LDAP server settings for a potential search user by entering the

Google Search Appliance: Managing Search for Controlled-Access Content 36Enabling Group LookupYou can enable a search appliance to automatically look

Google Search Appliance: Managing Search for Controlled-Access Content 372. Choose Administration > SSL Settings. Scroll down to Force secure conne

Google Search Appliance: Managing Search for Controlled-Access Content 38The effect of the response header is that it has “cracked” open the cookie an

Google Search Appliance: Managing Search for Controlled-Access Content 39Flexible AuthorizationFlexible authorization gives you more control over auth

Google Search Appliance: Managing Search for Controlled-Access Content Contents 4Customizing the Universal Login Form 50Using the Page Layout Helper

Google Search Appliance: Managing Search for Controlled-Access Content 40Legacy AuthorizationWith legacy authorization, the search appliance performs

Google Search Appliance: Managing Search for Controlled-Access Content 41Policy ACLs typically store the results that would have occurred if the searc

Google Search Appliance: Managing Search for Controlled-Access Content 42Methods for Adding ACLs to the IndexThe search appliance supports different m

Google Search Appliance: Managing Search for Controlled-Access Content 43Both the meta-name and the meta-value are encoded according to section 2 of R

Google Search Appliance: Managing Search for Controlled-Access Content 44• “General URL Patterns” on page 44Prefix PatternsIf there is one or more mat

Google Search Appliance: Managing Search for Controlled-Access Content 457. In the Namespace/Credential Group box, accept the default namespace/creden

Google Search Appliance: Managing Search for Controlled-Access Content 46To import and update policy ACLs:1. Import the policy ACLs from the earlier r

Google Search Appliance: Managing Search for Controlled-Access Content 47• The user in the policy ACL rule must match the identity in the Default cred

Google Search Appliance: Managing Search for Controlled-Access Content 48The SAML Authorization SPI is exposed to allow a customer’s web service to co

Google Search Appliance: Managing Search for Controlled-Access Content 492. Scroll down to Authorization SPI and enter the connection information for

Google Search Appliance: Managing Search for Controlled-Access Content 5Chapter 1Overview Chapter 1The Google Search Appliance makes documents in your

Google Search Appliance: Managing Search for Controlled-Access Content 50Removing Controlled-Access Content from Search ResultsDespite your best effor

Google Search Appliance: Managing Search for Controlled-Access Content 51Using the Page Layout HelperThe Page Layout Helper enables you to customize t

Google Search Appliance: Managing Search for Controlled-Access Content 52If a credential group is already satisfied at the time the Universal Login Fo

Google Search Appliance: Managing Search for Controlled-Access Content 53Chapter 3Use Cases with Public and Secure Serve for Multiple Authentication M

Google Search Appliance: Managing Search for Controlled-Access Content 54Setting up Crawl and IndexFirst, the system administrator creates a user acco

Google Search Appliance: Managing Search for Controlled-Access Content 55Populating the Index for Controlled-Access ContentDuring crawl, the search ap

Google Search Appliance: Managing Search for Controlled-Access Content 56Serving Controlled-Access Content to the User as Public ContentABC Company ha

Google Search Appliance: Managing Search for Controlled-Access Content 57Currently, when employees search for protected personnel information, they ar

Google Search Appliance: Managing Search for Controlled-Access Content 586. In the URL Pattern for this rule box, Tanya enters http://insidealpha.com/

Google Search Appliance: Managing Search for Controlled-Access Content 593. The search appliance provides the username “ALSearch” and the password ent

Google Search Appliance: Managing Search for Controlled-Access Content 6Which Sections of this Guide Should I Read?This guide helps you to answer the

Google Search Appliance: Managing Search for Controlled-Access Content 605. Next, to add the comp.alpha.int web server, which uses HTTP Basic authenti

Google Search Appliance: Managing Search for Controlled-Access Content 61Use Case 3: Two Sets of Credentials for Two ConnectorsAlphaLyon, from use cas

Google Search Appliance: Managing Search for Controlled-Access Content 62Adding Connectors to the Credential GroupsNext, Tanya configures the Default

Google Search Appliance: Managing Search for Controlled-Access Content 639. The search appliance queries the index and obtains a list of relevant resu

Google Search Appliance: Managing Search for Controlled-Access Content 64Obtaining a keytab FileBefore configuring and activating Kerberos support, Ta

Google Search Appliance: Managing Search for Controlled-Access Content 65The search appliance performs the following steps before sending Salim’s brow

Google Search Appliance: Managing Search for Controlled-Access Content 66Search by an Unauthorized UserEric isn’t a member of the sales team, but he’s

Google Search Appliance: Managing Search for Controlled-Access Content 67Chapter 4Cookie-Based Authentication Scenarios Chapter 4This section provides

Google Search Appliance: Managing Search for Controlled-Access Content 68Each scenario contains detailed information about the interactions between th

Google Search Appliance: Managing Search for Controlled-Access Content 69Sample URLA sample URL is any page that should not be displayed unless the us

Google Search Appliance: Managing Search for Controlled-Access Content 7Multiple login domains: more than one set of credentials are required to provi

Google Search Appliance: Managing Search for Controlled-Access Content 70If a sample URL is provided, it allows the search appliance to skip the redir

Google Search Appliance: Managing Search for Controlled-Access Content 71With cookie cracking, if a sample URL check for user credentials is successfu

Google Search Appliance: Managing Search for Controlled-Access Content 72Scenario 1: Normal Forms AuthenticationIn Scenario 1, if the sample URL check

Google Search Appliance: Managing Search for Controlled-Access Content 734. If the search appliance’s session cookie is still valid, the authenticatio

Google Search Appliance: Managing Search for Controlled-Access Content 74Process Overview of Scenario 2The following diagram provides an overview of t

Google Search Appliance: Managing Search for Controlled-Access Content 75Scenario 3: Cannot Use Universal Login Form and Need Identity Verified Silent

Google Search Appliance: Managing Search for Controlled-Access Content 763. The search appliance checks its own session cookie to find out if authenti

Google Search Appliance: Managing Search for Controlled-Access Content 77Process Overview of Scenario 4The following diagram provides an overview of t

Google Search Appliance: Managing Search for Controlled-Access Content 78Set Up for Scenario 5In scenario 5, the sample URL’s server is configured as

Google Search Appliance: Managing Search for Controlled-Access Content 79Scenario 6: Use an HTTP Basic Challenge to Get CookiesIn Scenario 6, your sys

Google Search Appliance: Managing Search for Controlled-Access Content 8Chapter 2Crawl, Index, and Serve Chapt er 2This chapter describes how a search

Google Search Appliance: Managing Search for Controlled-Access Content 80Scenario 7: Use an NTLM HTTP Login Page to Get CookiesIn scenario 7, your sys

Google Search Appliance: Managing Search for Controlled-Access Content 81Process Overview of Scenario 7The following diagram provides an overview of t

Google Search Appliance: Managing Search for Controlled-Access Content 82IndexAActive Directory 27, 28Administration > Certificate Authorities page

Google Search Appliance: Managing Search for Controlled-Access Content Index 83Crawl and Index > Forms Authentication page 10, 11, 13, 57, 58, 59,

Google Search Appliance: Managing Search for Controlled-Access Content Index 84LDAP-based authenticationdescription 33–36group lookup 36serve method 6

Google Search Appliance: Managing Search for Controlled-Access Content Index 85SMB file share 6SSL certificate 24start URLs 54, 58Status and Reports &

Google Search Appliance: Managing Search for Controlled-Access Content 9After the search appliance authenticates a user by establishing the user’s ide