```xquery
sec:create-external-security(
   $external-security-name as xs:string,
   $description as xs:string,
   $authentication as xs:string,
   $cache-timeout as xs:unsignedInt,
   $authorization as xs:string,
   $ldap-server as (sec:ldap-server)?,
   $saml-server as (sec:saml-server)?,
   $oauth-server as (sec:oauth-server)?
) as xs:unsignedLong
```
This function creates an external authentication configuration object and returns the id of the configuration. This configuration is used when MarkLogic Server is used with an external Kerberos and/or LDAP server to control user access.
For more information on external security, see External Security in the Security Guide.
Parameters | |
---|---|
external-security-name | The name of the external authentication configuration. |
description | The description of the external authentication configuration. |
authentication | The authentication protocol. This can be either `ldap`, `saml`, `kerberos`, or `certificate`. If authentication is |
cache-timeout | Login cache timeout, in seconds. |
authorization | The authorization scheme. Set to `ldap` for external authorization using an LDAP server, `internal` to authorize using MarkLogic Server, or `saml` for SAML authorization. |
ldap-server | The LDAP server configuration created by the sec:ldap-server function. |
saml-server | The SAML server configuration created by the sec:saml-server function. |
oauth-server | The OAuth server configuration created by the sec:oauth-server function. |
```xquery
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

let $ldap-config :=
  sec:ldap-server(
    "ldap://dc1.mltest1.local:389",
    "CN=Users,DC=MLTEST1,DC=LOCAL",
    "sAMAccountName",
    "cn=User1,cn=Users,dc=MLTEST1,dc=local",
    "password1",
    "simple")
return
  sec:create-external-security(
    "ldapconfig", "config for ldap", "ldap", 300, "ldap", $ldap-config, ())

(: Creates an external authorization configuration object, named
   "ldapconfig," that uses the 'simple' bind method for an LDAP server. :)
```
```xquery
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

let $saml-config :=
  sec:saml-server("http://id.example.com/example", (), (),
    <sec:http-options xmlns="xdmp:http">
      <authentication method="digest">
        <username>admin</username>
        <password>admin</password>
      </authentication>
    </sec:http-options>)
return
  sec:create-external-security(
    "samlconfig", "config for saml", "ldap", 300, "saml", (), $saml-config)

(: Creates an external authorization configuration object, named
   "samlconfig," for a SAML server. :)
```
```xquery
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

let $oauth :=
  sec:oauth-server(
    "Ping Identity", "Resource server", "test", "JSON Web Tokens",
    "username", "roles", "privileges", "", "HS256",
    ("test1"), ("testsecret1"), "")
return
  sec:create-external-security(
    'test-oauth', 'OAuth test config', 'oauth', 300, 'oauth', (), (), $oauth)

(: Creates an external authorization configuration object, named
   "test-oauth," for an OAuth server. :)
```
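
The LDAP example above keeps the bind password as a literal in the query and performs a simple bind against an `ldap://` URI on port 389. The variant below is an added example, not taken from the MarkLogic documentation: it takes the URI and bind credentials as external variables and refuses to create the configuration unless the URI is `ldaps://` and the password is non-empty. The variable names, the `local:` guard functions and the name "ldapconfig-tls" are assumptions, as is a directory server that accepts LDAPS connections.

```xquery
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

(: Assumed external variables (hypothetical names), supplied by the caller
   at invocation time so the bind password is not stored in the module. :)
declare variable $ldap-uri as xs:string external;
declare variable $bind-dn as xs:string external;
declare variable $bind-password as xs:string external;

(: Hypothetical guard. A "simple" bind sends the DN and password to the
   directory without protecting them, so accept only ldaps:// URIs. :)
declare function local:checked-uri($uri as xs:string) as xs:string
{
  if (fn:starts-with(fn:lower-case($uri), "ldaps://"))
  then $uri
  else fn:error(xs:QName("local:INSECURE-LDAP"),
         "simple bind requires an ldaps:// URI")
};

(: Hypothetical guard. A simple bind with an empty password is an
   unauthenticated bind (RFC 4513), so reject empty or blank passwords. :)
declare function local:checked-password($pw as xs:string) as xs:string
{
  if (fn:normalize-space($pw) ne "")
  then $pw
  else fn:error(xs:QName("local:EMPTY-PASSWORD"),
         "bind password must not be empty")
};

let $ldap-config :=
  sec:ldap-server(
    local:checked-uri($ldap-uri),
    "CN=Users,DC=MLTEST1,DC=LOCAL",
    "sAMAccountName",
    $bind-dn,
    local:checked-password($bind-password),
    "simple")
return
  sec:create-external-security(
    "ldapconfig-tls", "config for ldap over TLS", "ldap", 300, "ldap",
    $ldap-config, ())
```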