Securing MarkLogic Server

SAML

SAML authentication is available on all server types except ODBC.

When SAML authentication is used, a client requests a resource from MarkLogic Server with no security context. MarkLogic Server redirects the authentication request to an Identity Provider. The Identity Provider prompts the user to log in, if necessary, then sends the authentication request back to MarkLogic Server (the Service Provider) for validation.

There are two major components in SAML:

  • The Identity Provider (IDP) authenticates a subject and provides a security assertion to the Service Provider.

  • The Service Provider (SP) provides access to the resource for a client. MarkLogic Server is a Service Provider.

MarkLogic Server sends a redirect to the resource. The client requests the resource again with a security context. MarkLogic Server then authenticates the user using the information from the authentication request to grant the user access to the requested resource.

SAML can be used only with the SAML authorization scheme.
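
When troubleshooting the redirect step described above, it helps to see what the Service Provider actually sent to the Identity Provider. The following is an added example, not MarkLogic code: it assumes the SAML 2.0 HTTP-Redirect binding (this page does not say which binding is used) and uses constructed hostnames and IDs. It encodes an AuthnRequest the way a Service Provider would and decodes it back from the redirect URL so the issuer, destination and assertion consumer URL can be checked.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # refuse requests that inflate beyond this size

# Constructed sample request; hostnames, port and ID are placeholders.
SAMPLE_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed-id-1" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://idp.example.com/sso" '
    'AssertionConsumerServiceURL="https://sp.example.com:8011/acs">'
    '<saml:Issuer>https://sp.example.com/sp</saml:Issuer></samlp:AuthnRequest>'
)

def encode_redirect(authn_request_xml, idp_sso_url):
    """Build the URL the SP redirects the browser to (HTTP-Redirect binding)."""
    # Raw DEFLATE (no zlib header), then base64, then URL-encoding.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    param = base64.b64encode(deflated).decode("ascii")
    return idp_sso_url + "?" + urllib.parse.urlencode({"SAMLRequest": param})

def decode_redirect(url):
    """Recover the AuthnRequest fields from a captured redirect URL."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, MAX_XML)
    if not inflater.eof:  # output was truncated: oversized or malformed input
        raise ValueError("SAMLRequest exceeds size limit or is incomplete")
    if b"<!DOCTYPE" in xml:  # no DTDs, so no entity-expansion tricks
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.find("saml:Issuer", NS)
    return {"id": root.get("ID"),
            "destination": root.get("Destination"),
            "acs_url": root.get("AssertionConsumerServiceURL"),
            "issuer": issuer.text if issuer is not None else None}

if __name__ == "__main__":
    redirect = encode_redirect(SAMPLE_REQUEST, "https://idp.example.com/sso")
    print(redirect)
    print(decode_redirect(redirect))
```

The `destination` value should match the Identity Provider endpoint in the redirect URL, and `acs_url` should point back at the Service Provider that issued the request.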