xdmp:gss-server-negotiate

xdmp:gss-server-negotiate(
   $inputToken as xs:string
) as element()

Summary

This function performs Kerberos GSS authentication for application-level authentication.

Parameters
inputToken

The input token received from the client.

Usage Notes

This function passes the input token to gss_accept_sec_context. The result is returned in the negotiate-status element.

The structure of the data returned is as follows:

success

true if gss_accept_sec_context returns GSS_S_COMPLETE.

output-token

The output token from gss_accept_sec_context.

user

The user name if authentication is successful.

Example

declare namespace gss="http://marklogic.com/xdmp/status/negotiate";

let $authorization := xdmp:get-request-header("Authorization")
let $result := xdmp:gss-server-negotiate(fn:string($authorization))
return
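  if ($result/gss:success eq fn:true()) then
     (: gss_accept_sec_context returned GSS_S_COMPLETE :)
     $result
  else
    (: not complete: challenge the client again with the server's output token :)
    (xdmp:set-response-code(401, "Unauthorized"),
     xdmp:add-response-header("WWW-Authenticate", 
         fn:concat("Negotiate ", $result/gss:output-token)))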
=>
<negotiate-status>
  <success>true</success>
  <output-token>oRQwEqADCgEAoQsGCSqGSIb3EgECAg==</output-token>
  <user>user1@ML.LOCAL</user>
</negotiate-status>
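
A fuller request handler built around the example above, added here as an illustration and not MarkLogic's own code: it challenges a request that carries no Negotiate header before calling the function, and returns the server's output token on both the incomplete and the successful path. local:challenge is a hypothetical helper, and passing the whole Authorization header value to the function is an assumption carried over from the example above.

```xquery
xquery version "1.0-ml";
declare namespace gss = "http://marklogic.com/xdmp/status/negotiate";

(: Hypothetical helper: send a 401 with a Negotiate challenge.
   The token is appended only when the server produced one. :)
declare function local:challenge($token as xs:string?) as empty-sequence()
{
  xdmp:set-response-code(401, "Unauthorized"),
  xdmp:add-response-header("WWW-Authenticate",
    if (fn:string-length($token) gt 0)
    then fn:concat("Negotiate ", $token)
    else "Negotiate")
};

let $authorization := xdmp:get-request-header("Authorization")
return
  (: First request, or a different scheme such as Basic: ask for
     Negotiate without calling gss_accept_sec_context at all. :)
  if (fn:not(fn:starts-with($authorization, "Negotiate "))) then
    local:challenge(())
  else
    (: Assumption: the header value is passed as in the page's example. :)
    let $result := xdmp:gss-server-negotiate(fn:string($authorization))
    let $token  := fn:string($result/gss:output-token)
    return
      if (xs:boolean($result/gss:success)) then (
        (: GSS_S_COMPLETE: hand back the final token, if any, so the
           client can finish mutual authentication. :)
        if ($token ne "")
        then xdmp:add-response-header("WWW-Authenticate",
               fn:concat("Negotiate ", $token))
        else (),
        (: Only now is the principal name trustworthy. :)
        fn:string($result/gss:user)
      )
      else
        (: Not complete: never read gss:user here; re-challenge only. :)
        local:challenge($token)
```

The returned principal (for example user1@ML.LOCAL in the output above) still has to be mapped to an application identity before any authorization decision is made.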