sec.createExternalSecurity( external-security-name as String, description as String, authentication as String, cache-timeout as Number, authorization as String, ldap-server as (sec.ldapServer)?, saml-server as (sec.samlServer)?, [oauth-server as (see.oauthServer)?] ) as (Number|String)
This function creates an external authentication configuration object and returns the id of the configuration. This configuration is used when MarkLogic Server is used with an external Kerberos, LDAP, SAML or OAuth 2.0 server to control user access.
For more information on external security, see External Security in the Security Guide.
Parameters | |
---|---|
external-security-name | The name of external authentication configuration. |
description | The description of external authentication configuration. |
authentication |
The authentication protocol. This can be either
ldap , saml ,
kerberos , or certificate .
If authentication is |
cache-timeout | Login cache timeout, in seconds. |
authorization |
The authorization scheme. Set to ldap for external authorization
using an LDAP server, internal to authorize using MarkLogic Server,
or saml for SAML authorization.
|
ldap-server | The LDAP server configuration created by the sec:ldap-server function. |
saml-server | The SAML server configuration created by the sec:saml-server function. |
oauth-server | The OAuth server configuration created by the sec:oauth-server function. |
(: execute this against the security database :) declareUpdate(); const sec = require('/MarkLogic/security'); const oauth = sec.oauthServer("Ping Identity", "Resource server", "test", "JSON Web Tokens", "username", "roles", "privileges", "", "HS256", ("test1"), ("testsecret1"), "") sec.createExternalSecurity('test-oauth', 'OAuth test config', 'oauth', 300, 'oauth', null, null, oauth) (: Creates an external authorization configuration object, named "oauthconfig," for an OAuth server. :)
// Execute this against the security database. declareUpdate(); const sec = require('/MarkLogic/security'); const ldapConfig = sec.ldapServer( 'ldap://dc1.mltest1.local:389', 'CN=Users,DC=MLTEST1,DC=LOCAL', 'sAMAccountName', 'cn=User1,cn=Users,dc=MLTEST1,dc=local', 'password1', 'simple'); sec.createExternalSecurity( 'ldapConfig', 'config for ldap', 'ldap', 300, 'ldap', ldapConfig, null); // Creates an external authorization configuration object, named 'ldapConfig', // that uses the 'simple' bind method for an LDAP server.
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.