We are trying to define our OneBox module to use SSO
(Single
Signon). We are unable to get this to work. We have
created a very
simple example:
- we have stored an xml file on a web server that is in the
format of
the onebox results.
- this page is protected by a SiteMinder form. (ie. The
siteminder
agent intercepts the url, and redirects to a form).
Outside of the GSA, when we enter the url to the xml file,
we are
presented with the form, we enter our user/password
information, and
the xml file is displayed.
We have defined this xml file as a OneBox module and
selected SSO.
In the Crawling section, we use the Forms Authentication
Wizard to
walk through accessing the file, which seems to have
captured the form
correctly.
When we run the front end containing the OneBox module, we
are
challenged for a userid/password (not via the SiteMinder
form, but
through a standard looking "basic authentication"
challenge), but then
the OneBox module results are not included in the resulting
search
results.
Checking the OneBox module log, it shows that the url was
issued, but
it failed with [bad xml].
We also tried it from the SiteMinder protected page where a
user needs
login through SiteMinder form first. In this case SiteMinder
SMSESSION
cookie gets generated after the login and GSA OneBox module
invocation
should not ask for the authentication but it does same Basic
Auth
challenge like above. We double checked the cookie domain
for cookie
forwarding based on GSA documentation and believe the setup
is
correct. Somehow GSA does not know about the cookie or GSA
machine
does not accept the cookie(?).
Note that we have also tried playing with the Forms
Authentication
under Serving as well, but this doesn't make any difference.
It is my
understanding that the settings for authentication and
access under
Crawling control the OneBox behavior, is that correct?
In the Help, it describe some logging that is available for
debugging
SSO issues, but we can not find anywhere to turn this on,
get the log,
etc. Does anyone know how to do this?
Note that our GSA is NOT configured itself to use SSO (it is
our
development appliance).
Our GSA is at level: 4.6.2.S.18.
There are other scenarios we would like to go through, but
we would
like to see one work before moving on to others
Any ideas?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Google Search Appliance" group.
To post to this group, send email to
Google-Search-Appliance googlegroups.com
To unsubscribe from this group, send email to
Google-Search-Appliance-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/Google-Search-Applian
ce?hl=en
-~----------~----~----~----~------~----~------~--~---
|
