MarkLogic 9 Product Documentation
xdmp:gss-server-negotiate

xdmp:gss-server-negotiate(
   $inputToken as xs:string
) as element()

Summary

This function is used for kerberos GSS authentication in application level authentication.

Parameters
inputToken input token received from the client

Usage Notes

This function passes the input token to gss_accept_sec_context. The result is set in the negotiate status.

The structure of the data returned is as follows:

Example

declare namespace gss="http://marklogic.com/xdmp/status/negotiate";

let $authorization := xdmp:get-request-header("Authorization")
let $result := xdmp:gss-server-negotiate(fn:string($authorization))
return
  if ($result/gss:success eq fn:true()) then
     $result
  else
    (xdmp:set-response-code(401, "Unauthorized"),
     xdmp:add-response-header("WWW-Authenticate", 
         fn:concat("Negotiate ", gss:output-token)))
=>
<negotiate-status>
  <success>true</success>
  <output-token>oRQwEqADCgEAoQsGCSqGSIb3EgECAg==</output-token>
  <user>user1@ML.LOCAL</user>
</negotiate-status>
Powered by MarkLogic Server | Terms of Use | Privacy Policy