Hi Andreas, Here is an article that may be of interest in regards to securing REST endpoints with JWT.
https://developer.marklogic.com/blog/securing-a-rest-api It may help to give you some ideas to get up and running. Regards, Chris Day Chris Day - Sales Engineer [email protected] Mobile: +61 433 370 083 Phone: +61 2 8315 1556 Skype: chrisday-aus Twitter: @ML_ChrisDay MarkLogic Pty Ltd www.marklogic.com<http://www.marklogic.com/> What’s new in MarkLogic 9? MLU self-paced course - https://goo.gl/tMWkoq [cid:[email protected]]<http://www.marklogic.com/social> This e-mail and any accompanying attachments are confidential. The information is intended solely for the use of the individual to whom it is addressed. Any review, disclosure, copying, distribution, or use of this e-mail communication by others is strictly prohibited. If you are not the intended recipient, please notify us immediately by returning this message to the sender and delete all copies. Thank you for your cooperation. From: <[email protected]> on behalf of Andreas Hubmer <[email protected]> Reply-To: MarkLogic Developer Discussion <[email protected]> Date: Monday, 18 September 2017 at 6:53 pm To: MarkLogic Developer Discussion <[email protected]> Subject: Re: [MarkLogic Dev General] Create temporary user No, it has to be JWT. As I understand it, they are not compatible. 2017-09-18 10:09 GMT+02:00 Geert Josten <[email protected]<mailto:[email protected]>>: Could SAML authorization be of use to you? http://docs.marklogic.com/guide/security/external-auth#id_81653 SAML support was added in MarkLogic 9. Cheers, Geert From: <[email protected]<mailto:[email protected]>> on behalf of Andreas Hubmer <[email protected]<mailto:[email protected]>> Reply-To: MarkLogic Developer Discussion <[email protected]<mailto:[email protected]>> Date: Monday, September 18, 2017 at 9:07 AM To: MarkLogic Developer Discussion <[email protected]<mailto:[email protected]>> Subject: Re: [MarkLogic Dev General] Create temporary user Justin, I'll answer for my colleague. We'd like to use JSON Web Tokens (JWT) and extract the user roles from the token. The users are managed in an external system and similar to the LDAP connection we want to avoid that every user has to be created/updated in MarkLogic too. Amps do not give the same flexibility as a temporary user with an arbitrary combination of roles. Thanks, Andreas 2017-09-15 17:50 GMT+02:00 Justin Makeig <[email protected]<mailto:[email protected]>>: Andreas, Rather than describe your solution, can you explain the problem you’re trying to solve? Why do you think you need a temporary user? What permission/privilege challenge are you trying to address? You might also take a look at amps <https://docs.marklogic.com/guide/admin/security#id_81246>. An amp allows a security administrator to elevate the privileges of a specific function. This is beneficial in that the security is defined in configuration, not code. Justin -- Justin Makeig Senior Director, Product Management MarkLogic [email protected]<mailto:[email protected]> > On Sep 15, 2017, at 4:29 AM, Andreas Holzgethan > <[email protected]<mailto:[email protected]>> wrote: > > Hi @all, > > I need the possibility to create temporary user for a transaction. > I just found in the documentation that such a functionality is used when for > example LDAP is configured as an external security. > > Could you please explain me how this is done there? > > My thirst thought was to create a user with the function > "sec:create-user-with-role". At the end of the transaction I would just call > the function "sec:remove-user". > Could you please give me feedback about this implementation? > Is such a implementation a big influence on the performance? > > Thanks! > > Best regards > Andreas Holzgethan > > Andreas Holzgethan BSc. > > IT Consultant -- Andreas Hubmer Senior IT Consultant EBCONT enterprise technologies GmbH
_______________________________________________ General mailing list [email protected] Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general
