xdmp:gss-server-negotiate( $inputToken as xs:string ) as element()
This function is used for kerberos GSS authentication in application level authentication.
Parameters | |
---|---|
inputToken | input token received from the client |
This function passes the input token to gss_accept_sec_context. The result is set in the negotiate status.
The structure of the data returned is as follows:
declare namespace gss="http://marklogic.com/xdmp/status/negotiate"; let $authorization := xdmp:get-request-header("Authorization") let $result := xdmp:gss-server-negotiate(fn:string($authorization)) return if ($result/gss:success eq fn:true()) then $result else (xdmp:set-response-code(401, "Unauthorized"), xdmp:add-response-header("WWW-Authenticate", fn:concat("Negotiate ", gss:output-token))) => <negotiate-status> <success>true</success> <output-token>oRQwEqADCgEAoQsGCSqGSIb3EgECAg==</output-token> <user>user1@ML.LOCAL</user> </negotiate-status>