rajgithub123 / google-enterprise-connector-sharepoint

Automatically exported from code.google.com/p/google-enterprise-connector-sharepoint

Search Box fails with 401, Unauthorized when SAML Bridge and Search Box are installed on separate machines and search is fired from an NTLM site from a remote machine on the same domain #146

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
======================================
1. Install SAML Bridge and Search Box on separate machines.
2. Configure the SAML Bridge with GSA.
3. Install Search Box on the SharePoint server. If you have a front-end farm, install Search Box on all the front-end servers.
4. Try searching from an NTLM site from a browser located on a remote machine (i.e. a machine other than the SharePoint server machine) but on the same domain.

What is the expected output? 
=============================
The Search Box should show documents authorized for the currently logged-in SharePoint user.

What do you see instead?
==========================
The Searchbox shows 401, Unauthorized as a result.

Original issue reported on code.google.com by amit.per...@gmail.com on 4 Mar 2010 at 9:50

GoogleCodeExporter commented 9 years ago
This is a classic double-hop scenario. The resolution of this problem depends on the Windows versions of the servers:

Windows 2000:  It requires Kerberos or the use of network service
accounts used between servers (or if the back-end service is SQL - SQL
logins).

Windows 2003: You can use the Protocol Transition features to delegate
credentials without Kerberos.

Steps for protocol Transition
==============================
http://msdn.microsoft.com/en-us/library/ms998355.aspx#paght000024_step2

Note: It is preferable to use a "custom domain account" rather than a "machine account".

Original comment by amit.per...@gmail.com on 19 Apr 2010 at 4:31

GoogleCodeExporter commented 9 years ago
Could you please explain how to use protocol transition in this configuration?

- SAML Bridge - running on a separate machine as DOMAIN\samlMachineAccount using Network Service
- SharePoint 2010 - running on a separate machine using a custom user account DOMAIN\spsUserAccount

DOMAIN\samlMachineAccount is already trusted to delegate and SPNs are already 
assigned to DOMAIN\spsUserAccount - these are prerequisites for normal use of 
SAML Bridge.

Original comment by sascha.s...@googlemail.com on 3 Feb 2011 at 12:54
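The delegation prerequisites the two comments above talk past each other on (SPNs on the SharePoint account, a constrained delegation target list on the SAML Bridge identity, and the protocol transition flag that lets an NTLM caller be delegated) can be checked from the domain with the script below. It is an added example, not code from the connector project; it assumes the ActiveDirectory PowerShell module, and `samlMachineAccount`, `spsUserAccount` and the `HTTP/...` SPNs are placeholders taken from the thread, not real values.

```powershell
# Added diagnostic for the double-hop setup in this thread (not part of the connector).
# Assumes the ActiveDirectory module; account names below are placeholders.
Import-Module ActiveDirectory

function Test-DoubleHopDelegation {
    param(
        [Parameter(Mandatory)][string]$FrontEndComputer,  # SAML Bridge host (runs as Network Service)
        [Parameter(Mandatory)][string]$BackEndAccount,    # SharePoint application pool account
        [Parameter(Mandatory)][string[]]$BackEndSpn       # SPNs the bridge must reach, e.g. HTTP/sp.example.com
    )
    $props = 'TrustedForDelegation','TrustedToAuthForDelegation','msDS-AllowedToDelegateTo','ServicePrincipalNames'
    $front = Get-ADComputer -Identity $FrontEndComputer -Properties $props
    $back  = Get-ADUser     -Identity $BackEndAccount   -Properties ServicePrincipalNames
    $findings = @()

    # 1. The back-end SPNs must be registered on the account SharePoint really runs as,
    #    otherwise the KDC never issues a service ticket for the second hop.
    foreach ($spn in $BackEndSpn) {
        if ($back.ServicePrincipalNames -notcontains $spn) {
            $findings += "SPN '$spn' is not registered on $BackEndAccount"
        }
    }
    # 2. Constrained delegation: the front end must list the back-end SPNs it may delegate to.
    $allowed = @($front.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    foreach ($spn in $BackEndSpn) {
        if ($allowed -notcontains $spn) {
            $findings += "$FrontEndComputer is not allowed to delegate to '$spn'"
        }
    }
    # 3. Protocol transition (the Windows 2003 path above) needs 'use any authentication
    #    protocol', which the AD module surfaces as TrustedToAuthForDelegation.
    if (-not $front.TrustedToAuthForDelegation) {
        $findings += "$FrontEndComputer lacks protocol transition (TrustedToAuthForDelegation is false); NTLM callers cannot be delegated"
    }
    # 4. Unconstrained delegation is far broader than this scenario needs; flag it.
    if ($front.TrustedForDelegation -and $allowed.Count -eq 0) {
        $findings += "$FrontEndComputer is trusted for unconstrained delegation; prefer a constrained target list"
    }
    return $findings   # empty array means all four prerequisites are in place
}

# Placeholder identities from the thread; replace with the real ones before running.
Test-DoubleHopDelegation -FrontEndComputer 'samlMachineAccount' -BackEndAccount 'spsUserAccount' `
    -BackEndSpn 'HTTP/sharepoint.example.com','HTTP/sharepoint'
```

An empty result means the bridge's computer account can obtain a SharePoint ticket on behalf of an NTLM-authenticated user; each finding names the exact prerequisite to fix.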

GoogleCodeExporter commented 9 years ago

Original comment by shashank...@gmail.com on 17 Mar 2011 at 11:59

GoogleCodeExporter commented 9 years ago
This issue is filed as Google issue #6513917

Original comment by tdnguyen@google.com on 18 May 2012 at 12:18