Loading TOC...

GET /manage/v2/external-security/{id|name}/properties

Summary

This resource address returns the properties of the specified external-security configuration.

For more information on external security, see External Security in the Security Guide.

URL Parameters
format The format of the returned data. Can be either json or xml (default). This value overrides the Accept header if both are present.
Request Headers
Accept The expected MIME type of the response. If the format parameter is present, it takes precedence over the Accept header.
Response Headers
Content-type The MIME type of the data in the response body. Depending upon the value of the format parameter or Accept header, one of application/xml, application/json, or text/html.

Response

Upon success, MarkLogic Server returns status code 200 (OK), and the response body contains the requested data. A status code of 401 (Unauthorized) is returned if the user does not have the necessary privileges. A status code of 404 (no such user) is returned if the user does not exist.

Required Privileges

This operation requires the security and manage-admin roles.

Usage Notes

The structure of the output returned from this REST API is as follows:

external-security-id

An external security id (unique key).

external-security-name

External security name (unique)

description

An object's description.

authentication

Authentication

cache-timeout

The login cache timeout, in seconds.

authorization

An authorization scheme.

ldap-server-uri

URI of the ldap server. Required if authentication or authorization is ldap.

ldap-base

starting point for search. Required if authentication or authorization is ldap.

ldap-attribute

ldap attribute for user lookup. Required if authentication or authorization is ldap.

ldap-default-user

ldap user used by MarkLogic server. Required if authentication is kerberos and authorization is ldap or bind method is simple.

ldap-password

password of the default ldap user. Required if authentication is kerberos and authorization is ldap or bind method is simple.

ldap-bind-method

ldap bind method.

ldap-memberof-attribute

ldap attribute for group lookup. This is optional. If it is not specified, "memberOf" will be used for search for the groups of a user.

ldap-member-attribute

ldap attribute for group lookup. This is optional. If it is not specified, "member" will be used for search for the group of a group.

ldap-server

An LDAP server configuration.

This is a complex structure with the following children:

ldap-server-uri

URI of the ldap server. Required if authentication or authorization is ldap.

ldap-base

starting point for search. Required if authentication or authorization is ldap.

ldap-attribute

ldap attribute for user lookup. Required if authentication or authorization is ldap.

ldap-default-user

ldap user used by MarkLogic server. Required if authentication is kerberos and authorization is ldap or bind method is simple.

ldap-password

password of the default ldap user. Required if authentication is kerberos and authorization is ldap or bind method is simple.

ldap-bind-method

ldap bind method.

ldap-memberof-attribute

ldap attribute for group lookup. This is optional. If it is not specified, "memberOf" will be used for search for the groups of a user.

ldap-member-attribute

ldap attribute for group lookup. This is optional. If it is not specified, "member" will be used for search for the group of a group.

saml-server

An SAML server configuration.

This is a complex structure with the following children:

saml-entity-id

SAML entity id. Required if authorization is SAML.

saml-attribute-names

A list of SAML attribute names.

This is a complex structure with the following children:

saml-attribute-name

SAML attribute name.

saml-privilege-attribute-name

SAML privilege attribute name.

http-options

The HTTP options to use when connecting to the replication application server.

This is a complex structure with the following children:

method

The method to use.

username

password

client-cert

client-key

client-pass-phrase

credential-id

The credential id.

ssl-client-certificate-authorities

Certificate authorities that may sign client certificates for this server. Selecting one or more certificate authorities when SSL is enabled will require all clients to present a valid certificate signed by one of the selected authorities. Clicking on an organization below will reveal the certificate authorities for that organization.

This is a complex structure with the following children:

ssl-client-certificate-authority

An SSL certificate authority

ssl-require-client-certificate

Whether or not a client certificate is required. This only has an effect when one or more more client certificate authorities are specified, in which case a value of true will fail client authentication if a valid client certificate is not provided.

Example


http://localhost:8002/manage/v2/external-security/MyExternalName/properties

==> Returns the properties of the external-security configuration, "MyExternalName," 
    from the Security database.
    

Comments

    Powered by MarkLogic Server 7.0-4.1 and rundmc | Terms of Use | Privacy Policy