Certificate-Based
Certificate-based authentication is available on all server types.
Certificate-based authentication requires internal and external users and HTTPS clients to authenticate themselves to MarkLogic Server through a client certificate, either in addition to, or instead of a password.
Certificate-based authentication can take the following forms:
MarkLogic Server authenticates an internal user through the common name in a certificate.
MarkLogic Server authenticates an internal user through the distinguished name in a certificate by matching the distinguished name to an external name configured for an internal user.
MarkLogic Server authenticates an external LDAP user through a certificate subject name with internal authorization.
MarkLogic Server authenticates an external user through a certificate subject name with external authorization. The user is entirely defined externally to MarkLogic Server.
MarkLogic Server authenticates through both a client certificate and a username and password. This method provides a greater level of security by requiring that the user provide a client certificate that matches the specified user.
Certificate-based authentication can be used with internal security, LDAP, and SAML as authorization schemes.
For details on Certificate-based authentication, see Certificate-Based Authentication.