[MarkLogic Dev General] Create temporary user

Andreas Hubmer andreas.hubmer at ebcont.com
Mon Sep 18 03:58:55 PDT 2017


Hi Chris,

The blog article is about securing a REST endpoint in a Node.js middle
tier. But we explore options to use the JWT in MarkLogic server side code.

Cheers,
Andreas


2017-09-18 12:52 GMT+02:00 Chris Day <Chris.Day at marklogic.com>:

> Hi Andreas,
>
>
>
> Here is an article that may be of interest in regards to securing REST
> endpoints with JWT.
>
>
>
> https://developer.marklogic.com/blog/securing-a-rest-api
>
>
>
> It may help to give you some ideas to get up and running.
>
>
>
> Regards,
> Chris Day
>
>
>
> *Chris Day - *Sales Engineer
>
> chris.day at marklogic.com
>
> *Mobile:  *+61 433 370 083 <+61%20433%20370%20083>
>
> *Phone:  *+61 2 8315 1556 <+61%202%208315%201556>
>
> *Skype: * chrisday-aus
>
> *Twitter:  *@ML_ChrisDay
>
> *MarkLogic Pty Ltd*
>
> www.marklogic.com
>
> What’s new in MarkLogic 9? MLU self-paced course -  https://goo.gl/tMWkoq
>
> <http://www.marklogic.com/social>
>
> *This e-mail and any accompanying attachments are confidential. The
> information is intended solely for the use of the individual to whom it is
> addressed. Any review, disclosure, copying, distribution, or use of this
> e-mail communication by others is strictly prohibited. If you are not the
> intended recipient, please notify us immediately by returning this message
> to the sender and delete all copies. Thank you for your cooperation.*
>
>
>
>
>
> *From: *<general-bounces at developer.marklogic.com> on behalf of Andreas
> Hubmer <andreas.hubmer at ebcont.com>
> *Reply-To: *MarkLogic Developer Discussion <general at developer.marklogic.
> com>
> *Date: *Monday, 18 September 2017 at 6:53 pm
>
> *To: *MarkLogic Developer Discussion <general at developer.marklogic.com>
> *Subject: *Re: [MarkLogic Dev General] Create temporary user
>
>
>
> No, it has to be JWT. As I understand it, they are not compatible.
>
>
>
>
>
> 2017-09-18 10:09 GMT+02:00 Geert Josten <Geert.Josten at marklogic.com>:
>
> Could SAML authorization be of use to you? http://docs.marklogic.
> com/guide/security/external-auth#id_81653
>
>
>
> SAML support was added in MarkLogic 9.
>
>
>
> Cheers,
>
> Geert
>
>
>
> *From: *<general-bounces at developer.marklogic.com> on behalf of Andreas
> Hubmer <andreas.hubmer at ebcont.com>
> *Reply-To: *MarkLogic Developer Discussion <general at developer.marklogic.
> com>
> *Date: *Monday, September 18, 2017 at 9:07 AM
> *To: *MarkLogic Developer Discussion <general at developer.marklogic.com>
> *Subject: *Re: [MarkLogic Dev General] Create temporary user
>
>
>
> Justin,
>
>
>
> I'll answer for my colleague.
>
> We'd like to use JSON Web Tokens (JWT) and extract the user roles from the
> token.
>
> The users are managed in an external system and similar to the LDAP
> connection we want to avoid that every user has to be created/updated in
> MarkLogic too.
>
>
>
> Amps do not give the same flexibility as a temporary user with an
> arbitrary combination of roles.
>
>
>
> Thanks,
>
> Andreas
>
>
>
> 2017-09-15 17:50 GMT+02:00 Justin Makeig <Justin.Makeig at marklogic.com>:
>
> Andreas,
> Rather than describe your solution, can you explain the problem you’re
> trying to solve? Why do you think you need a temporary user? What
> permission/privilege challenge are you trying to address?
>
> You might also take a look at amps <https://docs.marklogic.com/
> guide/admin/security#id_81246>. An amp allows a security administrator to
> elevate the privileges of a specific function. This is beneficial in that
> the security is defined in configuration, not code.
>
> Justin
>
>
> --
> Justin Makeig
> Senior Director, Product Management
> MarkLogic
> jmakeig at marklogic.com
>
>
>
>
> > On Sep 15, 2017, at 4:29 AM, Andreas Holzgethan <
> andreas.holzgethan at ebcont.com> wrote:
> >
> > Hi @all,
> >
> > I need the possibility to create temporary user for a transaction.
> > I just found in the documentation that such a functionality is used when
> for example LDAP is configured as an external security.
> >
> > Could you please explain me how this is done there?
> >
> > My thirst thought was to create a user with the function
> "sec:create-user-with-role". At the end of the transaction I would just
> call the function "sec:remove-user".
> > Could you please give me feedback about this implementation?
> > Is such a implementation a big influence on the performance?
> >
> > Thanks!
> >
> > Best regards
> > Andreas Holzgethan
> >
> > Andreas Holzgethan BSc.
> >
> > IT Consultant
>
>
>
> --
>
> Andreas Hubmer
>
> Senior IT Consultant
>
>
>
> EBCONT enterprise technologies GmbH
>
>
>
> _______________________________________________
> General mailing list
> General at developer.marklogic.com
> Manage your subscription at:
> http://developer.marklogic.com/mailman/listinfo/general
>
>


-- 
Andreas Hubmer
Senior IT Consultant

EBCONT enterprise technologies GmbH
Millennium Tower
Handelskai 94-96
A-1200 Vienna

Mobile: +43 664 60651861
Fax: +43 2772 512 69-9
Email: andreas.hubmer at ebcont.com
Web: http://www.ebcont.com

OUR TEAM IS YOUR SUCCESS

UID-Nr. ATU68135644
HG St.Pölten - FN 399978 d
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20170918/c5b7fad2/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 45730 bytes
Desc: not available
Url : http://developer.marklogic.com/pipermail/general/attachments/20170918/c5b7fad2/attachment-0001.jpg 


More information about the General mailing list