Securing MarkLogic Server

Configuring an App Server for External Authentication

This section describes how to configure an App Server for external authentication.

  1. Click Groups in the left tree menu.

  2. Click the group in which you want to create or configure the App Server (for example, Default).

  3. Click App Servers on the left tree menu.

  4. Select the Create HTTP tab to create a new App Server, or select an existing App Server from the Summary page.

  5. In the App Server Configuration page, scroll down to the authentication section and set the fields, as described in the table below.

    Admin Interface Screenshot illustrating the authentication section of the App Server Configuration page

| Field | Description |
|---|---|
| authentication | The authentication scheme: basic or application-level for LDAP authentication, kerberos-ticket for Kerberos authentication, certificate for certificate authentication, or saml for SAML authentication. |
| internal security | Determines whether or not authentication for the App Server is to be done internally by MarkLogic Server. |
| external security | The name of the external authentication configuration object to use. For details on how to create an external authentication configuration object, see Creating an External Authentication Configuration Object. To set additional external authentication configuration objects, click More External Securities and select an additional configuration object from the pull-down menu. Note: If you have configured an App Server with multiple external configuration objects that use LDAP, the LDAP server specified by the first configuration object (the object at the top of the list) is always used first. If this first LDAP server is unresponsive, the second LDAP server will not be tried until the first LDAP server exceeds the time-out period established by the cache timeout setting. |
| default user | If you select application-level authentication, you will also need to specify a Default User. Anyone accessing the HTTP server is automatically logged in as the Default User until the user logs in explicitly. A Default User must be an internal user stored in the Security database. |
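
The same fields can be set from a script instead of the Admin Interface. The following is an added example, not part of the original documentation, that uses MarkLogic's Admin API XQuery module; the App Server name `example-http-server` and the external security object name `example-ldap-config` are placeholders, and `basic` with internal security turned off is just one possible combination for LDAP.

```xquery
xquery version "1.0-ml";

(: Added example: apply the authentication fields from the table above
   to an existing App Server. Run as a user with the admin role. :)
import module namespace admin = "http://marklogic.com/xdmp/admin"
  at "/MarkLogic/admin.xqy";

(: Placeholder names (assumptions); replace with your own. :)
let $group-name   := "Default"
let $server-name  := "example-http-server"
let $ext-sec-name := "example-ldap-config"

(: Steps 1-4: locate the group and the App Server. :)
let $config    := admin:get-configuration()
let $group-id  := admin:group-get-id($config, $group-name)
let $server-id := admin:appserver-get-id($config, $group-id, $server-name)

(: Step 5: set the fields of the authentication section. :)

(: "authentication": basic is one of the two schemes listed for LDAP. :)
let $config := admin:appserver-set-authentication($config, $server-id, "basic")

(: "internal security": false means users are not authenticated against
   the Security database, only by the external configuration object. :)
let $config := admin:appserver-set-internal-security($config, $server-id, fn:false())

(: "external security": name of an external authentication configuration
   object that has already been created. :)
let $config := admin:appserver-set-external-security($config, $server-id, $ext-sec-name)

(: Persist the modified configuration. :)
return admin:save-configuration($config)
```

If you choose application-level authentication instead, the default user is set with `admin:appserver-set-default-user`, which takes the numeric ID of an internal user.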