2

I am developing a UI application using MarkLogic Grove(React).

By default, password authentication is used when logging in to grove. I would like to change this part to a more secure method such as multi-factor authentication or one-time password. At that time, I use the privilege control function of MarkLogic, so I want to log in as a user on Marklogic.

Does Grove have such a feature as standard? Or if it doesn't have the feature, how can I achieve the above?

masaru.uemura
  • 61
  • 2
  • Could you elaborate a bit more perhaps? Grove by default delegates authentication to MarkLogic, so it is by default limited to capabilities from MarkLogic. LDAP authentication would be transparent for Grove for instance, but there have also been others that managed to do Kerberos ticket authentication without much changes. Multi-factor and one-time password doesn't sound like something supported by MarkLogic out of the box, but that doesn't have to mean you can't pull it off. – grtjn Jul 23 '20 at 09:18
  • Originally, the question was to make it more secure than simple password authentication in some way, but at this point, the use of client certificates is the first choice. As with LDAP authentication, can login using a client certificate be used just by setting on the Marklogic side (without making any customization to Grove)? – masaru.uemura Jul 31 '20 at 03:13
  • Keep in mind that the out of the box grove stack sends user/pwd across only once, and keeps a DIGEST connection open with MarkLogic so it does not need to keep user/pwd in memory. Together with HTTPS that would be a pretty safe approach. – grtjn Jul 31 '20 at 08:12
  • I am less familiar with authenticating with ssl cert to MarkLogic, but should be possible. If that plays well together with LDAP authentication, unsure. – grtjn Jul 31 '20 at 08:14

0 Answers0