XQuery xdmp:gss-server-negotiate

MarkLogic 12 Product Documentation
xdmp.gssServerNegotiate

xdmp.gssServerNegotiate(
   inputToken as String
) as Object

Summary

This function is used for kerberos GSS authentication in application level authentication.

Parameters
inputToken	input token received from the client

Usage Notes

This function passes the input token to gss_accept_sec_context. The result is set in the negotiate status.

The structure of the data returned is as follows:

success: true if gss_accept_sec_context returns GSS_S_COMPLETE.
output-token: The output token from gss_accept_sec_context.
user: The user name if authentication is successful.

Example

const authorization = xdmp.getRequestHeader("Authorization");
 
if (authorization != "") {
  xdmp.gssServerNegotiate(authorization);
} else {
  xdmp.setResponseCode(401, "Unauthorized");
  xdmp.addResponseHeader("WWW-Authenticate", "Negotiate ");
}
=>
{
  "success":true, 
  "outputToken":"oRQwEqADCgEAoQsGCSqGSIb3EgECAg==", 
  "user":"test1@MLTEST1.LOCAL"
}

Copyright © 2025 MarkLogic Corporation. MARKLOGIC is a registered trademark of MarkLogic Corporation.

Powered by MarkLogic Server | Terms of Use | Privacy Policy