Loading TOC...

xdmp:gss-server-negotiate

xdmp:gss-server-negotiate(
   inputToken as xs:string
) as element()

Summary

This function is used for kerberos GSS authentication in application level authentication.

Parameters
inputToken input token received from the client

Usage Notes

This function passes the input token to gss_accept_sec_context. The result is set in the negotiate status.

The structure of the data returned is as follows:

Example

declare namespace gss="http://marklogic.com/xdmp/status/negotiate";

let $authorization := xdmp:get-request-header("Authorization")
let $result := xdmp:gss-server-negotiate(fn:string($authorization))
return
  if ($result/gss:success eq fn:true()) then
     $result
  else
    (xdmp:set-response-code(401, "Unauthorized"),
     xdmp:add-response-header("WWW-Authenticate", 
         fn:concat("Negotiate ", gss:output-token)))
=>
<negotiate-status>
  <success>true</success>
  <output-token>oRQwEqADCgEAoQsGCSqGSIb3EgECAg==</output-token>
  <user>user1@ML.LOCAL</user>
</negotiate-status>

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.