Securing MarkLogic Server

Digest

Digest authentication is available on all server types.

Digest works the same way as basic, but it also offers encryption of passwords sent over the network. A user accessing an application page is prompted for a username and password.

Digest can be used with internal security, LDAP, and SAML as authorization schemes.

Note

Changing an app server from basic to digest authentication invalidates existing sessions. You must then reenter the passwords in the Admin Interface. Alternatively, you can migrate to digest-basic mode initially, then switch to digest-only mode once all users have accessed the server at least once. The first time a user accesses the server after the change from the basic to the digest-basic scheme, the server computes the digest password by extracting the relevant information from the credentials supplied in basic mode.

Note

Since the browser does not provide a way to clear a user’s authentication information in basic, digest-basic, or digest, the user remains logged in until the browser is shut down. In addition, there is no way to create a custom login page using these schemes. For certain deployments, application-level authentication may be more appropriate.