This resource address returns the properties of the specified external-security
configuration.
Upon success, MarkLogic Server returns status code 200 (OK), and the response
body contains the requested data. A status code of 401 (Unauthorized) is returned if the user
does not have the necessary privileges. A status code of 404 (no such user) is returned if the
user does not exist.
roles.
external-security-id
An external security id (unique key).
external-security-name
External security name (unique)
description
An object's description.
authentication
Authentication
cache-timeout
The login cache timeout, in seconds.
authorization
An authorization scheme.
ldap-server-uri
URI of the ldap server. Required if authentication or authorization is ldap.
ldap-base
starting point for search. Required if authentication or authorization is ldap.
ldap-attribute
ldap attribute for user lookup. Required if authentication or authorization is ldap.
ldap-default-user
ldap user used by MarkLogic server.
Required if authentication is kerberos and authorization is ldap or bind method is simple.
ldap-password
password of the default ldap user.
Required if authentication is kerberos and authorization is ldap or bind method is simple.
ldap-bind-method
ldap bind method.
ldap-memberof-attribute
ldap attribute for group lookup. This is optional. If it is not specified,
"memberOf" will be used for search for the groups of a user.
ldap-member-attribute
ldap attribute for group lookup. This is optional. If it is not specified,
"member" will be used for search for the group of a group.
ldap-start-tls
Whether or not to use start TLS request to the ldap server.
ldap-certificate
The PEM encoded X509 certificate for MarkLogic server to connect the LDAP server.
It can be used for mutual authentication if bind method is MD5 or simple.
Or it can be used for external binding.
ldap-private-key
The PEM encoded private key corresponding to the certificate.
ldap-nested-lookup
Whether or not to perform nested group lookup.
ldap-remove-domain
Whether or not to remove domain before matching with ldap-attribute.
ldap-server
An LDAP server configuration.
This is a complex structure with the following children:
ldap-server-uri
URI of the ldap server. Required if authentication or authorization is ldap.
ldap-base
starting point for search. Required if authentication or authorization is ldap.
ldap-attribute
ldap attribute for user lookup. Required if authentication or authorization is ldap.
ldap-default-user
ldap user used by MarkLogic server.
Required if authentication is kerberos and authorization is ldap or bind method is simple.
ldap-password
password of the default ldap user.
Required if authentication is kerberos and authorization is ldap or bind method is simple.
ldap-bind-method
ldap bind method.
ldap-memberof-attribute
ldap attribute for group lookup. This is optional. If it is not specified,
"memberOf" will be used for search for the groups of a user.
ldap-member-attribute
ldap attribute for group lookup. This is optional. If it is not specified,
"member" will be used for search for the group of a group.
ldap-start-tls
Whether or not to use start TLS request to the ldap server.
ldap-certificate
The PEM encoded X509 certificate for MarkLogic server to connect the LDAP server.
It can be used for mutual authentication if bind method is MD5 or simple.
Or it can be used for external binding.
ldap-private-key
The PEM encoded private key corresponding to the certificate.
ldap-nested-lookup
Whether or not to perform nested group lookup.
ldap-remove-domain
Whether or not to remove domain before matching with ldap-attribute.
saml-server
An SAML server configuration.
This is a complex structure with the following children:
saml-entity-id
SAML entity id. Required if authorization is SAML.
saml-destination
SAML destination.
saml-issuer
SAML issuer.
saml-idp-certificate-authority
The PEM encoded X509 certificate authority for SAML IDP.
saml-sp-certificate
The PEM encoded X509 certificate for SAML SP.
saml-sp-private-key
The PEM encoded private key for SAML SP.
saml-attribute-names
A list of SAML attribute names.
This is a complex structure with the following children:
saml-attribute-name
SAML attribute name.
saml-privilege-attribute-name
SAML privilege attribute name.
http-options
The HTTP options to use when connecting to the
replication application server.
This is a complex structure with the following children:
timeout
The timeout
data
headers
The headers.
method
The method to use.
username
password
credential-id
The credential id.
client-cert
client-key
pass-phrase
verify-cert
Whether the server's certificate should be verified.
proxy
The network location of the proxy server.
kerberos-ticket-forwarding
The option for kerberos ticket forwarding.
If it is "disabled", the user ticket is not used. This is the default.
If it is "required", the user ticket is forwarded. If the user ticket is not
forwardable, XDMP-NOFORWARDTICKET is thrown.
If it is "optional", the user ticket is forwarded if it is forwardable.
But no error if it is not forwardable.
ssl-client-certificate-authorities
Certificate authorities that may sign client certificates for this
server. Selecting one or more certificate authorities when SSL is
enabled will require all clients to present a valid certificate signed
by one of the selected authorities. Clicking on an organization below
will reveal the certificate authorities for that organization.
This is a complex structure with the following children:
ssl-client-certificate-authority
An SSL certificate authority
ssl-require-client-certificate
Whether or not a client certificate is required. This only has an
effect when one or more more client certificate authorities are
specified, in which case a value of true will fail client authentication
if a valid client certificate is not provided.
http://localhost:8002/manage/v2/external-security/MyExternalName/properties
==> Returns the properties of the external-security configuration, "MyExternalName,"
from the Security database.