Friday, October 26, 2007

Google Search Appliance Version 5.0 Features SAML-Based Security

Google Enterprise Labs announced the release of the Google Search
Appliance Version 5.0, featuring enhanced security for enterprise
applications. The Google Search Appliance provides document and
user-level access control across all web-enabled enterprise content
to ensure that users only see search results for documents they're
permitted to access. With version 5.0, the designers made significant
performance improvements to the SAML SPI framework; as a result,
customers who leverage the SAML SPI will see improved performance on
their secured search queries.

If the search appliance is configured to use the SAML Authentication
and Authorization SPI, the search appliance sends a SAML authorization
request to the Policy Decision Point, using the identity obtained for
the user during serve authentication. The SPI enables a Google Search
Appliance to communicate with an existing access control
infrastructure via standard SAML messages. The Authorization SPI is
also required in order to support X.509 certificate authentication
during serve.

When the user's identity has been authenticated, the Authorization SPI
checks whether the user is authorized to view each of the secure
documents that match their search. Using the authenticated cookie set
during Authentication, the search appliance passes the user's session
cookie to the Policy Decision Point's Authorization Service URL inside
a SAML Authorization request. If the response from the Policy Decision
Point is inconclusive, the search appliance will also attempt to
verify authorization with a HEAD request (for content crawled via HTTP
Basic or NTLM HTTP) or a GET request (for content crawled via Forms
Authentication) before removing the content from the search results
list.

The "Windows Authentication via Google SAML Bridge for Windows" method
is a special case of the Authentication and Authorization SPI. The
search appliance sends SPI messages to the Google SAML Bridge for
Windows to verify the user's credentials and authorization to view
secure content. This method requires you to set up the Google SAML
Bridge for Windows to handle the SAML messages from the search
appliance's Authorization and Authentication SPI. The Google SAML
Bridge for Windows acts as an Identity Provider and Policy Decision
Point.
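
The per-document decision handling described above, as an added sketch that is not Google's code or part of the original post. It assumes the Policy Decision Point answers with SAML 2.0 AuthzDecisionStatement elements, that a missing answer counts as inconclusive, and that a 200 from the fallback request means authorized; the wrapper element, URLs and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample data; the wrapper element and URLs are illustrative.
SAMPLE = """<Decisions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AuthzDecisionStatement Resource="http://intranet.example/a" Decision="Permit"/>
<saml:AuthzDecisionStatement Resource="http://intranet.example/b" Decision="Deny"/>
<saml:AuthzDecisionStatement Resource="http://intranet.example/c" Decision="Indeterminate"/>
<saml:AuthzDecisionStatement Resource="http://intranet.example/d" Decision="Indeterminate"/>
</Decisions>"""

def parse_decisions(xml_text):
    """Map each Resource URL to its Decision (Permit, Deny or Indeterminate)."""
    # Sketch only: a real consumer verifies the XML signature and uses a
    # hardened parser before trusting any decision.
    root = ET.fromstring(xml_text)
    return {s.get("Resource"): s.get("Decision")
            for s in root.iter(SAML + "AuthzDecisionStatement")}

def fallback_method(crawl_auth):
    """HEAD for HTTP Basic / NTLM crawled content, GET for forms authentication."""
    return "GET" if crawl_auth == "forms" else "HEAD"

def filter_results(results, decisions, probe):
    """results: [(url, crawl_auth)]; probe(method, url) returns an HTTP status."""
    visible = []
    for url, crawl_auth in results:
        decision = decisions.get(url, "Indeterminate")  # assumption: no answer = inconclusive
        if decision == "Permit":
            visible.append(url)
        elif decision == "Indeterminate" and probe(fallback_method(crawl_auth), url) == 200:
            visible.append(url)
        # Deny, a failed probe, or an unrecognised value: drop the result.
    return visible

def demo():
    base = "http://intranet.example/"
    results = [(base + "a", "basic"), (base + "b", "basic"), (base + "c", "ntlm"),
               (base + "d", "forms"), (base + "e", "basic")]
    statuses = {base + "c": 200, base + "d": 401, base + "e": 403}  # constructed
    calls = []
    def probe(method, url):  # stand-in for the HTTP check, so this runs offline
        calls.append((method, url))
        return statuses[url]
    return filter_results(results, parse_decisions(SAMPLE), probe), calls

if __name__ == "__main__":
    print(demo())
```

Anything other than an explicit Permit or a successful fallback check is dropped, so an unreachable or misbehaving Policy Decision Point hides secure results instead of exposing them.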
