Skip to main content

Securing MarkLogic Server

Creating a MarkLogic Server User with an Internal Name

To configure certificate-based user authentication for user, demoUser1, as a MarkLogic Server internal user, follow these steps in the Admin Interface:

  1. Click Security in the left tree menu.

  2. Click Users.

  3. Click the Create tab. The New User configuration page appears.

  4. In the user name field, enter the user name as it appears in the CN value of the certificate Subject field (demoUser1 in the example shown in User Certificate Example).

    Admin Interface Screenshot illustrating the New User page with user name, description, password, and confirm password fields filled in as described in the step

  5. In the App Server configuration page, set authentication to certificate and set internal security to true. Unless you want to have the user authenticated as an external user as well, set external securities to none.

    Admin Interface Screenshot illustrating authentication, internal security, and external securities fields set as described in the step

  6. In the App Server configuration page, scroll down to the bottom and select show in the SSL Client Certificate Authorities section.

    Admin Interface Screenshot illustrating the location of [Show] near the bottom of the app server configuration page

  7. Select the CA created in CA Certificate (User Cert Signer) Import from Admin Interface to sign the client/user certificate.

    Admin Interface Screenshot illustrating the selection of the previously created CA

Once configured, demoUser1 is now able to access the app server with a browser that has the user certificate installed, as described in Certificate Template & Template CA Import into Client (Browser/SSL Client).

Note

You will also need to assign the necessary roles to demoUser1 to access the needed MarkLogic Server resources.

In this section: