Home
Home
German Version
Support
Impressum
20.5 Release ►

    Main Navigation

    • Preparation
      • Connectors
      • Initial Startup for G6 appliances (before January 2018)
      • Initial Startup for G7 appliances
      • Setup InSpire G7 primary and Standby Appliances
    • Datasources
      • Configuration - Atlassian Confluence Connector
      • Configuration - Best Bets Connector
      • Configuration - Data Integration Connector
      • Configuration - Documentum Connector
      • Configuration - Dropbox Connector
      • Configuration - Egnyte Connector
      • Configuration - GitHub Connector
      • Configuration - Google Drive Connector
      • Configuration - GSA Adapter Service
      • Configuration - HL7 Connector
      • Configuration - IBM Connections Connector
      • Configuration - IBM Lotus Connector
      • Configuration - Jira Connector
      • Configuration - JiveSoftware Jive Connector
      • Configuration - JVM Launcher Service
      • Configuration - LDAP Connector
      • Configuration - Microsoft Dynamics CRM Connector
      • Configuration - Microsoft Exchange Connector
      • Configuration - Microsoft File Connector (Legacy)
      • Configuration - Microsoft File Connector
      • Configuration - Microsoft SharePoint Connector
      • Configuration - Salesforce Connector
      • Configuration - SAP KMC Connector
      • Configuration - SemanticWeb Connector
      • Configuration - ServiceNow Connector
      • Configuration - SharePoint Online Connector
      • Configuration - Web Connector
      • Data Integration Guide with SQL Database by Example
      • Indexing user-specific properties (Documentum)
      • Installation & Configuration - Atlassian Confluence Sitemap Generator Add-On
      • Installation & Configuration - Caching Principal Resolution Service
      • Installation & Configuration - Jive Sitemap Generator
      • Mindbreeze InSpire Search Apps in Microsoft SharePoint 2010
      • Mindbreeze InSpire Search Apps in Microsoft SharePoint 2013
      • Mindbreeze InSpire Search Apps in Microsoft SharePoint Online
      • Mindbreeze Web Parts for Microsoft SharePoint
      • User Defined Properties (SharePoint 2013 Connector)
    • Configuration
      • CAS_Authentication
      • Cognito JWT Authentification
      • Configuration - Alternative Search Suggestions and Automatic Search Expansion
      • Configuration - Back-End Credentials
      • Configuration - Chinese Tokenization Plugin (Jieba)
      • Configuration - CJK Tokenizer Plugin
      • Configuration - Collected Results
      • Configuration - CSV Metadata Mapping Item Transformation Service
      • Configuration - Entity Recognition
      • Configuration - Exporting Results
      • Configuration - GSA Late Binding Authentication
      • Configuration - Index-Servlets
      • Configuration - Item Property Generator
      • Configuration - Japanese Language Tokenizer
      • Configuration - Kerberos Authentication
      • Configuration - Management Center Menu
      • Configuration - Metadata Enrichment
      • Configuration - Metadata Reference Builder Plugin
      • Configuration - Notifications
      • Configuration - Personalized Relevance
      • Configuration - Plugin Installation
      • Configuration - Principal Validation Plugin
      • Configuration - Profile
      • Configuration - Reporting Query Logs
      • Configuration - Reporting Query Performance Tests
      • Configuration - Request Header Session Authentication
      • Configuration - Vocabularies for Synonyms and Suggest
      • Configuration of Thumbnail Images
      • Cookie-Authentication
      • Documentation - Mindbreeze InSpire
      • Google Search Appliance Migration to Mindbreeze InSpire
      • I18n Item Transformation
      • Installation & Configuration - Outlook Add-In
      • Installation - GSA Base Configuration Package
      • Language detection - LanguageDetector Plugin
      • Mindbreeze Personalization
      • Mindbreeze Prediction Service Text Classification
      • Mindbreeze Property Expression Language
      • Mindbreeze Query Expression Transformation
      • Non-Inverted Metadata Item Transformer
      • SAML-based Authentication
      • Trusted Peer Authentication for Mindbreeze InSpire
      • Using the InSpire Snapshot for Development in a CI_CD Scenario
    • Operations
      • app.telemetry Statistics Regarding Search Queries
      • Configuration Usage Analysis
      • Deletion of Hard Disks
      • Handbook - Backup & Restore
      • Handbook - Command Line Tools
      • Handbook - Distributed Operation (G7)
      • Handbook - Filemanager
      • Handbook - Synchronized Operation (G6)
      • Index Operating Concepts
      • Indexing and Search Logs
      • Inspire Diagnostics and Resource Monitoring
      • InSpire Support Documentation
      • Mindbreeze InSpire SFX Update
      • Provision of app.telemetry Information on G7 Appliances via SNMPv3
      • Restoring to As-Delivered Condition
    • User Manual
      • Cheat Sheet
      • iOS App
      • Keyboard Operation
    • SDK
      • api.v2.alertstrigger Interface Description
      • api.v2.export Interface Description
      • api.v2.personalization Interface Description
      • api.v2.search Interface Description
      • api.v2.suggest Interface Description
      • api.v3.admin.SnapshotService Interface Description
      • Debugging (Eclipse)
      • Developing an API V2 search request response transformer
      • Developing Item Transformation and Post Filter Plugins with the Mindbreeze SDK
      • Development of Insight Apps
      • Java API Interface Description
    • Release Notes
      • Release Notes 20.1 Release - Mindbreeze InSpire
      • Release Notes 20.2 Release - Mindbreeze InSpire
      • Release Notes 20.3 Release - Mindbreeze InSpire
      • Release Notes 20.4 Release - Mindbreeze InSpire
      • Release Notes 20.5 Release - Mindbreeze InSpire
      • Release Notes 2018 Spring - Mindbreeze InSpire
      • Release Notes 2018 Winter - Mindbreeze InSpire
      • Release Notes 2019 Fall - Mindbreeze InSpire
      • Release Notes 2019 Winter - Mindbreeze InSpire
    • Security
      • Known Vulnerablities
    • Product Information
      • Product Information - Mindbreeze InSpire - Standby
      • Product Information - Mindbreeze InSpire
    Home

    Path

    Google Search Appliance Migration to Mindbreeze InSpire

    Mindbreeze InSpire

    Copyright ©

    Mindbreeze GmbH, A-4020 Linz, 2020.

    All rights reserved. All hardware and software names are brand names and/or trademarks of their respective manufacturers.

    These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes or other protected rights. The dissemination, publication or reproduction hereof is prohibited.

    For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.

    IntroductionPermanent link for this heading

    This document aims to offer an index of the available documentation on how to replicate the functionality of existing GSA setups on Mindbreeze InSpire Appliances.

    Preparing the Mindbreeze InSpire ConfigurationPermanent link for this heading

    Collections and Index LayoutPermanent link for this heading

    The GSA Configuration PluginPermanent link for this heading

    Indexing Web DocumentsPermanent link for this heading

    Mindbreeze InSpire Web ConnectorPermanent link for this heading

    Processing GSA Feeds. Configure the GSA Feed AdapterPermanent link for this heading

    The Mindbreeze GSA Feed Adapter service aims to cover the basic functionality of the Google Search Appliance Feeder Gate.

    Understanding Google Search Requests. The GSA Query TransformerPermanent link for this heading

    GSA Late Binding AuthorizationPermanent link for this heading

    IntroductionPermanent link for this heading

    The GSA Late Binding Authentication service can be used in web indexing use cases where authorization can’t rely on access control lists or a search-time access check of the results is required. Additional requirement is that the access checking requests (head or get requests) should be authenticated with session cookies.

    It is not recommended to use this method if authorization based on ACLs exclusively is sufficient. If possible, one should use it in conjunction with ACL check (only if the ACLs allow access) as an additional authorization method. The reason is, that the search-time access check can significantly impact search performance.

    ConfigurationPermanent link for this heading

    Late Binding Authorization ServicePermanent link for this heading

    The Late Binding Authorization Service can be configured as a Mindbreeze InSpire Launched Service using the Mindbreeze InSpire Management Center. Navigate to the “Indices” Tab and add a launched service of type “GSALateBindingAuthorization”.

    You can configure the following settings for the server:

    Bind port

    Port that is used for receiving authorization requests.

    Cookie header property

    The authorization service receives a user identity data structure within the authorization request. This property is the name of the identity property that contains the original session cookie header of the search request.

    The access check rules for given URL patterns can be defined in form of “Authorizers”.

    IMPORTANT: the authorization result for a given documents is delivered by the first authorizer with a matching URL pattern.

    An authorizer can have the following attributes:

    URL Pattern

    Regular expression matching the URL (key) of the authorizable document. If matches, this authorizer will be used for access check. The pattern has to fully match the URL input.

    Denied Status Code Pattern

    If set, a HTTP request is performed on the URL of the authorizable document with the search user’s original session cookies.

    The configured regular expression (f. ex. “401|403” or “301|40.*”) is checked against the status code of the HTTP response. If matches, the user is denied access on the document. The pattern has to fully match the status code.

    Denied Content Pattern

    If set, a HTTP Get request is performed on the URL of the authorizable document with the search user’s original session cookies.

    Note: if only “Denied Status Code Pattern” is set in an authorizer without a “Denied Content Pattern”, only HTTP HEAD requests are used for authorization check.

    The configured regular expression is checked against the content of the HTTP response. If the regular expression matches a substring of the content, the user is denied access on the document.

    Check Content Pattern for Matching Media Type

    This regular expression pattern is set per default to “text/.*”. The role of this setting is to restrict matching the configured “Denied Content Pattern” to responses with certain Content-Type header. In this way one can prevent text matching on content for responses in binary or non-textual formats. If not set, the “Denied Content Pattern” is applied on all responses.

    Data Source ConfigurationPermanent link for this heading

    For using the configured GSA Late Binding Authorization Service for access check in a given Data Source (for example Web) the service should be selected as “Authorization Service” in the configuration of the given data source.

    If ACLs are used on the index a “Caching Principal Resolution Service” has to be selected as well:

    Index ConfigurationPermanent link for this heading

    To improve the performance, it is advised to set the following index configuration options:

    • Approved Hits Reauthorize: Token Cache
    • Initial Precheck Bulk Size: 1
    • Maximum Precheck Bulk Size: 1

    Cookie Header Preserver Session Authentication PluginPermanent link for this heading

    The role of this plugin is to allow sending the original user session cookies with the authorization requests to the GSA Late Binding Authorization service.

    The plugin should be configured as a SessionAuthenticationService on the Client Service that will be used for searching.

    For the configuration navigate to the “Client Services” Tab of the Mindbreeze InSpire Management Center and in the configuration of the selected Client Service, add a Session Authentication Plugin of type “CookieHeaderPreserverSessionAuthenticationService”.

    The following settings can be configured for the plugin:

    Cookie header property

    The name of the property in the generated identity data. Default is “cookieheader”. This must be configured on the same value as the “Cookie header property” of the GSA Late Binding Authorization service.

    Username Source

    Can be set to “Username”, “Header” or “Anonymous”.

    Username: a user identity is created having the name set to the value configured in the “Username” setting.

    Header: the name of the created user identity is set to the value of the “X-Auth-User” HTTP request header.

    Username

    If “Username Source” is configured as “Username”, the name of the generated identity is set to this value.

    Has Group Principals

    If active, the comma separated list of groups set in the “X-Auth-Groups” HTTP request header is parsed and the group names are added as additional principal names to the generated identity.

    Download PDF

    • Google Search Appliance Migration to Mindbreeze InSpire

    Content

    • Introduction
    • Preparing the Mindbreeze InSpire Configuration
    • Indexing Web Documents
    • Understanding Google Search Requests. The GSA Query Transformer
    • GSA Late Binding Authorization

    Download PDF

    • Google Search Appliance Migration to Mindbreeze InSpire