The SSA Proxy is a Windows Service that will intercept the search queries sent by the Query Model API and redirect them to the QRServer after attaching security information to the original query.

The SSA Proxy will obtain the username from the qtf_securityfql:uid field passed as part of the original query. With the username, it will invoke the Aspire Http Group Expansion service that will provide the list of users encoded in Base32. Documents have to be previously indexed with ACLs information encoded as well in Base32 format. The managed property that contains the ACLs is configured on the SSA Proxy to construct the security query against this property.

Installation

Repeat the following steps for all FS4SP Servers that have the query service installed:

Prerequisites

  1. .net Framework v4 installed (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) http://www.microsoft.com/en-us/download/details.aspx?id=17851

Installation and Configuration

  1. Edit the file %FASTSearch%\bin\QRProxyService.exe.config.
  2. Locate the appSetting qr_port, save the port number for later use. 
    Change the value of this port to 13281 (or another free port).
  3. Edit the file %FASTSearch%\etc\qrserver\qrserverrc.
  4. Modify the property stacksize = 2097152
  5. Run a Microsoft FAST Search Server 2010 for Sharepoint console as Administrator.
  6. Stop the FAST Server: 
    nctrl stop
  7. Start the FAST Server: 
    nctrl start
  8. Wait for the FAST Server to be up and running: 
    nctrl status

Installing the SSA Proxy

  1. Download the SSAProxyWindowsService from here.
  2. Copy the content of the D:\SSAProxyWindowsService folder to a chosen location in the FS4SP server.
  3. Open a command line prompt (cmd) as Administrator.
  4. Change directory to the SSAProxyWindowsService folder location.
  5. Run the command: 
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe SSAProxyWindowsService.exe
  6. Edit the SSAProxyWindowsService.exe.config file.
  7. Set the QRServerPort value to the port where the QRServer is installed. The original value of the qr_port property in %FASTSearch%\bin\QRProxyService.exe.config. Default is 13280.
  8. Set the ProxyPort value to the value of the new port configured in %FASTSearch%\bin\QRProxyService.exe.config. Default is 13281.
  9. Set the GroupExpansionService value to the URL of the Aspire Http Group Expansion (leave blank until Aspire has been configured. If left blank, authorization is not performed and queries are public).
    pgd;http://aspire.nexteraenergy.com/groupExpansionPGD,nuclear;http://aspire.nexteraenergy.com/groupExpansionNuclear
  10. Set the DocAclProperty value to the name of the Managed Property that contains the indexed values of the ACLs.
  11. Save the config file.
  12. Open the services.msc application and locate SSAProxy.
  13. Right click Properties.
    1. Select Recovery
      1. First failure: Restart the Service
      2. Second failure: Restart the Service
      3. Subsequent failures: Restart the Service.
    2. Select General
      1. Startup Type: Automatic
    3. Click OK
  14. Right click and select Start.