Managing Search for Controlled-Access Content: Overview

Google Search Appliance software version 6.0
Posted June 2009

The Google Search Appliance makes documents in your domain discoverable through search. In addition to public content that is available to everyone, the search appliance can crawl and index documents that require a login and password or another form of authentication. To protect confidentiality at serving time, the search appliance determines whether the user performing the search is authorized to view each document before it displays results.

For instance:

• You have several sign-on domains, and want to enable employees to search across enterprise content without logging in to many sites.
• You want to make an article searchable by everyone, but to require that a user supplies a login before they can view the full text.
• You want to allow the finance team to search through confidential reports on an accounting site. Members of the finance group can search for reports and read them. Employees in other divisions cannot view accounting reports and should never see these documents in their search results.

As the search appliance administrator, you must configure the Google Search Appliance to support these kinds of situations.

Contents

1. Overview
   1. About this Guide
   2. Which Sections of this Guide Should I Read?
2. Crawl, Index, and Serve (HTTP Basic, Certificates, Forms Authentication, Kerberos, LDAP, NTLM, Policy ACLs, SAML)
   1. Authentication, Authorization, and Controlled-Access Content
   2. Crawl and Index for Controlled-Access Content
   3. Secure Content and Public Content
   4. Serve for Controlled-Access Content
   5. Digital Certificates and Certification Authorities
   6. How to Exclude Controlled-Access Content Sources from Search
3. Use Cases with HTTP Basic and NTLM HTTP
   1. Use Case 1: HTTP Basic or NTLM HTTP Controlled-Access Content with Public Serve
   2. Use Case 2: HTTP Basic or NTLM HTTP Controlled-Access Content with Secure Serve
   3. Use Case 3: Windows Authentication with Kerberos Tickets for Secure Serve
4. Use Cases with Cookies and HTML Forms Authentication
   1. Use Case 4: Cookies or Forms Authentication with Public Serve
   2. Use Case 5: Forms Authentication Against a Sample Protected URL for Secure Serve
   3. Use Case 6: Forms Authentication with External Login for Secure Serve

About this Guide

This guide is intended for the search appliance administrator and developers who need to understand authentication and authorization for the Google Search Appliance. It explains how the Google Search Appliance makes controlled-access content available through search, describes how to configure authentication and authorization, and demonstrates how to make controlled-access content available to authorized users in your organization.

Which Sections of this Guide Should I Read?

This guide helps you to answer the following questions:

• How do I set up my search appliance to crawl and index controlled-access content?
• Once I have indexed controlled-access content, how do I specify the content that is visible to a user during serve? Public content (access=p) is available in all search results, while secure content (access=s) is only visible to authorized users.

Because some methods of accessing controlled-access content do not support secure serve, the answers to these questions depend on your existing access control infrastructure, and whether your content sources require secure serve.

The following table explains which sections in this guide are most relevant for each access method, and provides links to those sections.