GETTING STARTED
SearchAssist Overview
SearchAssist Introduction
Onboarding SearchAssist
Build your first App
Glossary
Release Notes
What's new in SearchAssist
Previous Versions
CONCEPTS
Managing Sources
Introduction
Files
Web Pages
FAQs
Structured Data 
Connectors
Introduction to Connectors
Azure Storage Connector
Confluence Cloud Connector
Confluence Server Connector
Custom Connector
DotCMS Connector
Dropbox Connector
Google Drive Connector
Oracle Knowledge Connector
Salesforce Connector
ServiceNow Connector
SharePoint Connector
Zendesk Connector
RACL
Virtual Assistants
Managing Indices
Introduction
Index Fields
Traits
Workbench
Introduction to Workbench
Field Mapping
Entity Extraction
Traits Extraction
Keyword Extraction
Exclude Document
Semantic Meaning
Snippet Extraction
Custom LLM Prompts
Index Settings
Index Languages
Managing Chunks
Chunk Browser
Managing Relevance
Introduction
Weights
Highlighting
Presentable
Synonyms
Stop Words
Search Relevance
Spell Correction
Prefix Search
Custom Configurations
Personalizing Results
Introduction
Answer Snippets
Introduction
Extractive Model
Generative Model
Enabling Both Models
Simulation and Testing
Debugging
Best Practices and Points to Remember
Troubleshooting Answers
Answer Snippets Support Across Content Sources
Result Ranking
Facets
Business Rules
Introduction
Contextual Rules
NLP Rules
Engagement
Small Talk
Bot Actions
Designing Search Experience
Introduction
Search Interface
Result Templates
Testing
Preview and Test
Debug Tool
Running Experiments
Introduction
Experiments
Analyzing Search Performance
Overview
Dashboard
User Engagement
Search Insights
Result Insights
Answer Insights
ADMINISTRATION
General Settings
Credentials
Channels
Team
Collaboration
Integrations
OpenAI Integration
Azure OpenAI Integration
Custom Integration
Billing and Usage
Plan Details
Usage Logs
Order and Invoices
Smart Hibernation
SearchAssist APIs
API Introduction
API List
SearchAssist SDK
HOW TOs
Use Custom Fields to Filter Search Results and Answers
Add Custom Metadata to Ingested Content
Write Painless Scripts
Configure Business Rules for Generative Answers

Authorization Profiles

An Authorization Profile defines the type and properties required for authentication using a specific mechanism. Creating a profile allows the users to save the properties as a group. 

SearchAssist currently supports the Kerberos Spnego Authentication mechanism for integration with custom LLM. 

Kerberos SPNEGO Authentication

Kerberos authentication is based on a ticket-granting system, primarily used in secure environments such as enterprise networks. 

Workflow

  1. Obtain Ticket Granting Ticket (TGT): The client authenticates with a Key Distribution Center (KDC) using its credentials. If successful, the client receives a Ticket Granting Ticket (TGT).
  2. Request Service Ticket: Using the TGT, the client requests a Service Ticket from the KDC to access a specific API or service on the server. The KDC returns a service ticket that can be presented to the server.
  3. Accessing the Server API: The client sends the Service Ticket in the Authorization header using the SPNEGO protocol. 
  4. The server verifies the service ticket with the KDC to confirm the identity and permissions of the client, then grants access to the API if valid.

To create an Auth Profile for this type of authorization, provide the following fields:

Name: Unique name for the profile. 

Service Principle URL: This is the URL of the KDC responsible for generating the tickets. 

Auth Check URL: This is the URL of the service that is used to communicate with the custom LLM. 

Authorization Field(s): Provide one or more authorization fields to be added to the header, request, or as path parameters in the request, depending upon the specific requirements of the service. It is mandatory to add the following authorization field for Kerberos authentication.

This allows the ticket generated to be passed as auth header along with the other fields in the service URL. 

Authentication Types:  Select one of the following types to set the authentication behaviour.

  • Mutual – The Mutual authentication ensures that both the client and the server authenticate each other during the Kerberos SPNEGO authentication process.
  • Delegate – In this case, the client can pass its Kerberos credentials to the service. The service can then use these credentials to authenticate to other services on behalf of the client.

Authorization Profiles

An Authorization Profile defines the type and properties required for authentication using a specific mechanism. Creating a profile allows the users to save the properties as a group. 

SearchAssist currently supports the Kerberos Spnego Authentication mechanism for integration with custom LLM. 

Kerberos SPNEGO Authentication

Kerberos authentication is based on a ticket-granting system, primarily used in secure environments such as enterprise networks. 

Workflow

  1. Obtain Ticket Granting Ticket (TGT): The client authenticates with a Key Distribution Center (KDC) using its credentials. If successful, the client receives a Ticket Granting Ticket (TGT).
  2. Request Service Ticket: Using the TGT, the client requests a Service Ticket from the KDC to access a specific API or service on the server. The KDC returns a service ticket that can be presented to the server.
  3. Accessing the Server API: The client sends the Service Ticket in the Authorization header using the SPNEGO protocol. 
  4. The server verifies the service ticket with the KDC to confirm the identity and permissions of the client, then grants access to the API if valid.

To create an Auth Profile for this type of authorization, provide the following fields:

Name: Unique name for the profile. 

Service Principle URL: This is the URL of the KDC responsible for generating the tickets. 

Auth Check URL: This is the URL of the service that is used to communicate with the custom LLM. 

Authorization Field(s): Provide one or more authorization fields to be added to the header, request, or as path parameters in the request, depending upon the specific requirements of the service. It is mandatory to add the following authorization field for Kerberos authentication.

This allows the ticket generated to be passed as auth header along with the other fields in the service URL. 

Authentication Types:  Select one of the following types to set the authentication behaviour.

  • Mutual – The Mutual authentication ensures that both the client and the server authenticate each other during the Kerberos SPNEGO authentication process.
  • Delegate – In this case, the client can pass its Kerberos credentials to the service. The service can then use these credentials to authenticate to other services on behalf of the client.