ASP.NET app integration with GSA with Kerberos

Our company purchased GSA (GSA 6.8.0.G.30), and we are trying to integrate search into our portal (an ASP.NET) application. The Kerberos is already configured on GSA, I can use IE to do a secure search by using the default_frontend, and I can get back secure result without go thru the login form.

However, we have some challenge when we are trying the integration search to our Portal, from our ASP.NET code, we can obtain user's WindowsIdentity and create a WindowsImpersonationContext, we then use a HttpWebRequest object to submit a search, GSA first response with 302, and a transport URL "https://my_gsa_hostname/security-manager/ samlauthn?SAMLRequest=fZLLTsM...开发者_如何学C", then we create a new request points to the new URL, GSA returns 401-unauthorized.

Anyone can shed us a light?

---

The WindowsIdentity and WindowsImpersonationContext can not delegate by default. You'll need to set up the delegation of trust. Your request is between sent to the GSA anonymously. I wrote a blog entry a while back regarding how to write some .NET code to handshake with the appliance. You can read that here:

http://www.mcplusa.com/blog/2009/06/remotely-calling-the-google-search-appliance-restful-web-services-when-saml-is-enabled/

The key will be getting your website to authenticate your users via kerberos as NTLM is not delegate-able. So..kerberos to website to GSA.

Before the Universal Login Manager, we use the Windows Saml Bridge for silent authentication. There is a great document describing to set up kerberos

http://code.google.com/p/google-saml-bridge-for-windows/wiki/ConfigKerberos