Securing MarkLogic Server

Creating an External Authentication Configuration Object

This section describes how to create an external authentication configuration object in the Admin Interface. You can also use sec:create-external-security() to create an external authentication configuration object. Once created, multiple App Servers can use the same external authentication configuration object.

Note

If the authentication used in an app server is Kerberos or SAML, only the first external security configuration will be used.

  1. In the Admin Interface, click Security in the left tree menu.

  2. Click External Security.

  3. Click the Create tab at the top of the External Security Summary page. The New External Security page appears:

     [Screenshot: the New External Security page in the Admin Interface]

  4. Complete the appropriate fields:

| Field | Description |
| --- | --- |
| external security name | The name used to identify this External Security Configuration Object. |
| description | The description of this External Authentication Configuration Object. |
| authentication | The authentication protocol to use: certificate, kerberos, ldap, or saml. The configuration details for LDAP and SAML are described below in LDAP Authentication and SAML Authentication. |
| cache timeout | The login cache timeout, in seconds. When the timeout period is exceeded, the LDAP server reauthenticates the user with MarkLogic Server. |
| authorization | The authorization scheme: internal for authorization by MarkLogic Server, ldap for authorization by an LDAP server, or saml for authorization by a SAML server. |
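
Because several App Servers can share one object, and a Kerberos or SAML App Server uses only the first object assigned to it, it is worth linting a deployment inventory against the field descriptions above. The following is an added example, not MarkLogic code: the dictionary layout, the `audit` function, and all sample names are assumptions made for illustration.

```python
# Added example: lint a hand-written inventory against the rules on this page.
# The dict layout and every name in SAMPLE_* are constructed, not a MarkLogic format.
AUTHENTICATION = {"certificate", "kerberos", "ldap", "saml"}
AUTHORIZATION = {"internal", "ldap", "saml"}
FIRST_ONLY = {"kerberos", "saml"}  # App Servers that use only the first object

SAMPLE_OBJECTS = {
    "corp-ldap": {"authentication": "ldap", "cache-timeout": 300, "authorization": "ldap"},
    "corp-saml": {"authentication": "saml", "cache-timeout": 300, "authorization": "internal"},
    "legacy": {"authentication": "radius", "cache-timeout": -1, "authorization": "internal"},
}
SAMPLE_APP_SERVERS = {
    "rest-8010": {"authentication": "saml", "external-security": ["corp-saml", "corp-ldap"]},
    "http-8020": {"authentication": "ldap", "external-security": ["corp-ldap", "missing"]},
}


def audit(objects, app_servers):
    """Return sorted (subject, finding) tuples for settings that contradict the table."""
    findings = []
    for name, cfg in objects.items():
        if cfg.get("authentication") not in AUTHENTICATION:
            findings.append((name, "unknown authentication protocol"))
        if cfg.get("authorization") not in AUTHORIZATION:
            findings.append((name, "unknown authorization scheme"))
        timeout = cfg.get("cache-timeout")
        # bool is a subclass of int, so reject it explicitly
        if isinstance(timeout, bool) or not isinstance(timeout, int) or timeout < 0:
            findings.append((name, "cache timeout is not a non-negative number of seconds"))
    for server, cfg in app_servers.items():
        refs = cfg.get("external-security", [])
        for ref in refs:
            if ref not in objects:
                findings.append((server, f"references undefined object '{ref}'"))
        # Kerberos/SAML: every object after the first is silently unused
        if cfg.get("authentication") in FIRST_ONLY and len(refs) > 1:
            findings.append((server, f"only '{refs[0]}' is used; ignored: {', '.join(refs[1:])}"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_OBJECTS, SAMPLE_APP_SERVERS):
        print(f"{subject}: {finding}")
```

The finding for `rest-8010` is the one to watch for in practice: an LDAP object listed second on a SAML App Server looks like a fallback but is never consulted.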