```xquery
sec:saml-server(
  $saml-entity-id as xs:string,
  $saml-attribute-names as xs:string*,
  $saml-privilege-attribute-name as xs:string?,
  [$http-options as element()],
  [$saml-destination as xs:string],
  [$saml-issuer as xs:string],
  [$saml-idp-certificate-authority as xs:string],
  [$saml-sp-certificate as xs:string],
  [$saml-sp-private-key as xs:string]
) as element(sec:saml-server)
```
This function configures a SAML server for use by the sec:create-external-security function.
Parameters | |
---|---|
saml-entity-id | The SAML entity id. |
saml-attribute-names | The SAML attribute names used for attribute query. |
saml-privilege-attribute-name | The SAML privilege attribute name used for query. |
http-options | The http options. The default value is (). The options node must be in the xdmp:http namespace. This parameter can also include certain option elements (for example, repair, encoding, default-language) in the xdmp:document-load and xdmp:document-get namespaces. The http options include: |
saml-destination | The URL for the Identity Provider to accept the authentication request. |
saml-issuer | The identity of the Service Provider (MarkLogic Server). |
saml-idp-certificate-authority | The certificate used to validate the signature in the authentication request. |
saml-sp-certificate | The certificate used to sign the authentication request. |
saml-sp-private-key | The private key used to sign the authentication request. |

```xquery
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

sec:saml-server("http://id.example.com/example", (), (),
  <sec:http-options xmlns="xdmp:http">
    <authentication method="digest">
      <username>admin</username>
      <password>admin</password>
    </authentication>
  </sec:http-options>)
```

```xquery
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

sec:saml-server(
  (: saml-entity-id :)
  "http://id.example.com/example",
  (: saml-attribute-names, saml-privilege-attribute-name :)
  (), (),
  (: http-options :)
  <sec:http-options xmlns="xdmp:http">
    <authentication method="digest">
      <username>admin</username>
      <password>admin</password>
    </authentication>
  </sec:http-options>,
  (: saml-destination :)
  "https://kcd2012dc.engrlab.marklogic.com:9031/idp/SSO.saml2",
  (: saml-issuer :)
  "https://engrlab-130-112.engrlab.marklogic.com/sp",
  (: saml-idp-certificate-authority :)
  "https://kcd2012dc.engrlab.marklogic.com/idp",
  (: saml-sp-certificate :)
"-----BEGIN CERTIFICATE-----
MIIC1DCCAj2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBhjELMAkGA1UEBhMCdXMx
CzAJBgNVBAgMAkNBMRwwGgYDVQQKDBNNYXJrTG9naWMgUGluZyBEZW1vMRIwEAYD
VQQDDAlTYW1sIFRlc3QxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYJKoZIhvcN
AQkBFhNhdHNvaUBtYXJrbG9naWMuY29tMB4XDTE4MDgwMTIzMTAyNVoXDTE5MDgw
MTIzMTAyNVowgYYxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJDQTEcMBoGA1UECgwT
TWFya0xvZ2ljIFBpbmcgRGVtbzESMBAGA1UEAwwJU2FtbCBUZXN0MRQwEgYDVQQL
DAtFbmdpbmVlcmluZzEiMCAGCSqGSIb3DQEJARYTYXRzb2lAbWFya2xvZ2ljLmNv
bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtWkpQV132m6hOteZ8EL98pMi
gAFmzpgn1GCwaPkb9U1rAT75kKnxwP9rVeXJ4YRH+JrhntY3uTSz2Z1DhVJdNxXA
cY+ML1qs+yPG2stcZOPTPCqr3cF15TRx0xUj6fZogf47PGpwZLSITgqw/L4AIXL7
YYKperEOe2zvORhV5zcCAwEAAaNQME4wHQYDVR0OBBYEFHHYan5cJn3rj/1bq8/v
z36+0u8WMB8GA1UdIwQYMBaAFHHYan5cJn3rj/1bq8/vz36+0u8WMAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQENBQADgYEAgA90Lv5VzABGl7uok8Z6rAiFzVOURkai
Nu7Ds0LBD/z6ZqfsiHwF9wrwO6CWCoRTNmYtPfgY5wf0FTdRFBni6pSkZTuovXgc
7giBZHX1yVglXPpUNF/LsxpKJM9DPUvka5CNxUG0SnN29anVuF8fptCxhG8N+JjI
rIp0ZVJjbtE=
-----END CERTIFICATE-----",
  (: saml-sp-private-key :)
"-----BEGIN PRIVATE KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFsXIdgFSuiImTXuCoAxke45SC
Aqq+diaRgu1rrVMEcJDpRFe4cNAIoVTcVhiZjd5V7WYZ7e/VZPcrMmUmg87YoYIu
rvxUdSnljTD495I8HOWueC8SZIVEM3oO31SCqlVwefFBf6wJNM0zN6FDRBk/satA
Qz9etFi8d8YtxyPFgQIDAQAB
-----END PRIVATE KEY-----"
)
```