Google Enterprise Labs announced the release of the Google Search Appliance Version 5.0, featuring enhanced security for enterprise applications. The Google Search Appliance provides document and user-level access control across all web-enabled enterprise content to ensure that users only see search results for documents they're permitted to access. With version 5.0, the designers made significant performance improvement to the SAML SPI framework; as a result the customers who leverage SAML SPI will be improved performance on their secured search queries.
If the search appliance is configured to use the SAML Authentication and Authorization SPI, the search appliance sends a SAML authorization request to the Policy Decision Point, using the identity obtained for the user during serve authentication. The SPI enables a Google Search Appliance to communicate with an existing access control infrastructure via standard SAML messages. The Authorization SPI is also required in order to support X.509 certificate authentication during serve.
When the user's identity has been authenticated, the Authorization SPI checks to see whether the user is authorized to view each of the secure documents that match their sarch. Using the authenticated cookie set during Authentication, the search appliance passes the user's session cookie to the Policy Decision Point's Authorization Service URL inside a SAML Authorization request. If the response from the Policy Decision Point is inconclusive, the search appliance will also attempt to verify authorization with a HEAD request (for content crawled via HTTP Basic or NTLM HTTP) or GET request (for content crawled via Forms Authentication) before removing the content from the search results list. The "Windows Authentication via Google SAML Bridge for Windows" is a special case of the Authentication and Authorization SPI. The search appliance sends SPI messages to the Google SAML Bridge for Windows to verify the user's credentials and authorization to view secure content. This method requires you to set up the Google SAML Bridge for Windows to handle the SAML messages from the search appliance's Authorization and Authentication SPI. The Google SAML Bridge for Windows acts as an Identity Provider and Policy Decision Point.
