Secure MarkLogic Server

Creating an External Authentication Configuration Object

Save PDF

Creating an External Authentication Configuration Object

Save PDF

Last Updated: April 14, 2026
1 minute read

MarkLogic Server
Version 10.0
Documentation

This section describes how to create an external authentication configuration object in the Admin Interface. You can also use sec:create-external-security() to create an external authentication configuration object. Once created, multiple App Servers can use the same external authentication configuration object.

Note:

If the authentication used in an app server is Kerberos or SAML, only the first external security configuration will be used.

In the Admin Interface, click Security in the left tree menu.
Click External Security.
Click the Create tab at the top of the External Security Summary page. The New External Security page appears:
Complete the appropriate fields:

Field	Description
external security name	The name used to identify this External Security Configuration Object.
description	The description of this External Authentication Configuration Object.
authentication	The authentication protocol to use: certificate, kerberos, ldap, or saml. The configuration details for LDAP and SAML are described below in LDAP Authentication and SAML Authentication.
cache timeout	The login cache timeout, in seconds. When the timeout period is exceeded, the LDAP server reauthenticates the user with MarkLogic Server.
authorization	The authorization scheme: `internal` for authorization by MarkLogic Server, `ldap` for authorization by an LDAP server, or `saml` for authorization by a SAML server.