Loading TOC...

sec:create-external-security

sec:create-external-security(
   $external-security-name as xs:string,
   $description as xs:string,
   $authentication as xs:string,
   $cache-timeout as xs:unsignedInt,
   $authorization as xs:string,
   $ldap-server as (sec:ldap-server)?,
   $saml-server as (sec:saml-server)?,
   $oauth-server as (see:oauth-server)?
) as xs:unsignedLong

Summary

This function creates an external authentication configuration object and returns the id of the configuration. This configuration is used when MarkLogic Server is used with an external Kerberos and/or LDAP server to control user access.

For more information on external security, see External Security in the Security Guide.

Parameters
external-security-name The name of external authentication configuration.
description The description of external authentication configuration.
authentication The authentication protocol. This can be either ldap, saml, kerberos, or certificate.

If authentication is certificate, only certificate authentication will be performed. If authentication is not certificate and if require-client-certificate is set to true, a client certificate is required in addition to some other form of authentication.

cache-timeout Login cache timeout, in seconds.
authorization The authorization scheme. Set to ldap for external authorization using an LDAP server, internal to authorize using MarkLogic Server, or saml for SAML authorization.
ldap-server The LDAP server configuration created by the sec:ldap-server function.
saml-server The SAML server configuration created by the sec:saml-server function.
oauth-server The OAuth server configuration created by the sec:oauth-server function.

Example


  (: execute this against the security database :)
  xquery version "1.0-ml"; 
 
  import module namespace sec = "http://marklogic.com/xdmp/security" 
      at "/MarkLogic/security.xqy";

  let $ldap-config := sec:ldap-server(
        "ldap://dc1.mltest1.local:389", 
        "CN=Users,DC=MLTEST1,DC=LOCAL", 
        "sAMAccountName",
        "cn=User1,cn=Users,dc=MLTEST1,dc=local",
	    "password1",
	    "simple")
 
  return sec:create-external-security(
        "ldapconfig", 
        "config for ldap", 
        "ldap", 
        300,
        "ldap",
        $ldap-config,
        ())

     (: Creates an external authorization configuration object, named "ldapconfig," 
        that uses the 'simple' bind method for an LDAP server. :)
    

Example


  (: execute this against the security database :)
  xquery version "1.0-ml"; 
 
  import module namespace sec = "http://marklogic.com/xdmp/security" 
      at "/MarkLogic/security.xqy";

  let $saml-config := sec:saml-server("http://id.example.com/example",
           (),(),
           <sec:http-options xmlns="xdmp:http">
             <authentication method="digest">
                <username>admin</username>
                <password>admin</password>
             </authentication>
           </sec:http-options>)
 
  return sec:create-external-security(
        "samlconfig", 
        "config for saml", 
        "ldap", 
        300,
        "saml",
        (), $saml-config)
 

     (: Creates an external authorization configuration object, named "samlconfig," 
        for a SAML server. :)
    

Example


  (: execute this against the security database :)
  xquery version "1.0-ml"; 
 
  import module namespace sec = "http://marklogic.com/xdmp/security" 
      at "/MarkLogic/security.xqy";

  let $oauth := sec:oauth-server("Ping Identity", 
                                 "https://dc1.mltest1.local:9031", 
                                 "https://dc1.mltest1.local:9031/as/authorization.oauth2", 
                                 "https://dc1.mltest1.local:9031/as/token.oauth2", 
                                 "https://dc1.mltest1.local:9031/as/introspection.oauth2", 
                                 "Authorization code", 
                                 "test", 
                                 "Client secret", 
                                 "cluster", 
                                 "***Insert client secret***", 
                                 "https://macpro-3912.marklogic.com:8008/test.xqy", 
                                 "Internally managed reference tokens", 
                                 "username", 
                                 "roles", 
                                 "privileges")
  return sec:create-external-security('test-oauth', 
                                      'OAuth test config', 
                                      'oauth', 
                                      300, 
                                      'internal', 
                                      (), 
                                      (), 
                                      $oauth)
 

     (: Creates an external authorization configuration object, named "oauthconfig," 
        for an OAuth server. :)
    

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.