Google Search Appliance Enabling Windows Integrated Authentication version 7.2 User Manual

Page 20

Advertising
background image

Google Search Appliance: Enabling Windows Integrated Authentication

20

Authorization Testing Results in Indeterminate Status

Problem

When you run an authorization test, the permit code ‘Indeterminate’ appears and the following
messages appear in the ac.log file.

3/13/2007 5:17:59 PM, GetPermission: after WindowsIdentity
3/13/2007 5:17:59 PM, GetPermission: AuthImpl::caught exception
3/13/2007 5:17:59 PM, GetPermission: Either a required impersonation level was
not provided, or the provided impersonation level is invalid.

Suggestion

This error indicates that the host on which SAML Bridge resides might have an incompatible version of
the .NET framework. Refer to the section “Prerequisites for Using SAML Bridge” on page 6 for the correct
version.

If you’ve checked the .NET version and determined that it meets the requirements, you can reconfigure
the .NET framework for IIS as follows:

cd C:\WINDOWS\Microsoft.NET\Framework\your-version\
aspnet_regiis.exe -i

When your IIS server is reconfigured to use the specified version of .NET, the following message
displays:

Finished installing

ASP.NET

(2.0.50727).

Authorization Error

Problem

The log file lists a 401 error (unauthorized):

1/4/2007 9:14:19 AM, GetURL: GetURL =http://host.domain.domain.com:82/deny.html
1/4/2007 9:14:19 AM, GetURL: inside GetURL internal
1/4/2007 9:14:19 AM, GetURL: Sending a Head request to target URL
1/4/2007 9:14:19 AM, GetPermission: AuthImpl::caught WebException
1/4/2007 9:14:19 AM, GetPermission: e = System.Net.WebException: The remote

server returned an error: (401) Unauthorized.

at System.Net.HttpWebRequest.CheckFinalStatus()
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.HttpWebRequest.GetResponse()
at SAMLServices.Common.GetURL(String url, ICredentials cred)
at SAMLServices.Common.GetURL(String url)
at SAMLServices.Wia.AuthImpl.GetPermission(String url, String subject)

Suggestion

This problem indicates a Kerberos configuration error. Check that Kerberos is properly configured,
following steps in “Content Server Kerberos Prerequisites” on page 16.

Advertising
See also other documents in the category Google Software: