Configuration (Security)

URL:
https://<root>/security/config
Methods:
GET
Required Capability:
Access allowed with the "Security and infrastructure" privilege
Version Introduced:
10.9

Description

The config resource returns the currently active security configuration for your ArcGIS Enterprise on Kubernetes deployment.

Request parameters

ParameterDetails

f

The response format. The default format is html.

Values: html | json | pjson

Security configuration properties

ParameterDetails

serverRole

The role assigned to the federated server.

userStoreConfig

Connection information about the currently active user store.

roleStoreConfig

Connection information about the currently active role store.

tokenServiceKey

The key used to encrypt tokens.

enableAutomaticAccountCreation

A Boolean that indicates whether new organization accounts will automatically be created when enterprise users access your Enterprise portal for the first time (true), or whether accounts will be manually created. The default value is false.

Values: true | false

securityEnabled

A Boolean that indicates whether security is enabled for any GIS service. The default value is true.

Values: true | false

disableServicesDirectory

A Boolean that indicates whether access to the services directory will be disabled. The default value is false.

Values: true | false

allowedProxyHosts

This property restricts what hosts Enterprise portal can access directly. This restriction applies to several scenarios, including when the Enterprise portal accesses resources from a server that does not support Cross-Origin Resource Sharing (CORS) or when saving credentials used to access a secure service. By default, this property is not defined and no restrictions are applied. Use the format (.*).domain.com to allow access to all machines within a specified domain. Domains must be comma-separated.

Example
Use dark colors for code blocksCopy
1
"allowedProxyHosts": "gisserver1.domain.com, gisserver2.domain.com, (.*).example.com"

allowInternetCORSAccess

Introduced at 10.9.1. A Boolean that controls the value of the Access-Control-Allow-Private-Network response header in a CORS preflight request to a portal service URL. This property was added to support the Private Network Access web specification (CORS-RFC1918) that aims to protect sites accessed over a private network from being able to make internal CORS requests. The default value is true.

Values: true | false

Portal properties

ParameterDetails

webgisServerTrustKey

A key automatically generated during site creation. This property should not be modified.

portalSecretKey

The key obtained after federating an ArcGIS Server to an organization.

privatePortalUrl

The internal service URL used to access the Portal sharing container.

portalURL

The organization URL.

serverURL

The external URL of the server federated with the organization.

portalMode

Must be set as ARCGIS_PORTAL_FEDERATION.

serverId

The ID of the server that is federated with the organization.

Forward proxy config

ParameterDetails

httpProxyHost

The forward proxy host name for http requests.

httpsProxyHost

The forward proxy host name for https requests.

httpProxyPort

The forward proxy port number for http requests.

httpsProxyPort

The forward proxy port number for https requests.

httpProxyUser

The forward proxy user name for http requests when authentication is required.

httpsProxyUser

The forward proxy user name for https requests when authentication is required.

httpProxyPassword

The forward proxy password for http requests when authentication is required.

httpsProxyPassword

The forward proxy password for https requests when authentication is required.

nonProxyHosts

A list of host names separated by | that can be accessed directly and do not require the use of the proxy. Wildcards can be used for an entire domain (*.example.com).

isHttpProxyPasswordEncrypted

A Boolean that indicates whether the http proxy password is encrypted. When adding or updating the password, this property should be changed to false. Once saved, the password becomes encrypted and this value will be changed to true automatically.

Values: true | false

isHttpProxyPasswordEncrypted

A Boolean that indicates whether the https proxy password is encrypted. When adding or updating the password, this should be changed to false. Once saved, the password becomes encrypted and this value will be changed to true automatically.

Values: true | false

Example usage

The following is a sample request URL used to access the config resource:

Use dark colors for code blocksCopy
1
https://organization.domain.com/context/admin/security/config?f=pjson

JSON Response example

Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
{
  "serverRole": "HOSTING_SERVER",
  "userStoreConfig": {
    "type": "PORTAL",
    "properties": {}
  },
  "roleStoreConfig": {
    "type": "PORTAL",
    "properties": {}
  },
  "tokenServiceKey": "AIT8Nvh7J7AHWAld1RZe9/n393gLeAeq4HvTkaN5SoM=",
  "enableAutomaticAccountCreation": false,
  "allowInternetCORSAccess": true,
  "securityEnabled": true,
  "disableServicesDirectory": false,
  "portalProperties": {
    "webgisServerTrustKey": "PluSR7m7CyWo3JfOZrL2qkRAy4tvO+VNzEgKfK5gWS4=",
    "portalSecretKey": "73ccba361df243ddbfd8b697e148dc4a",
    "privatePortalUrl": "https://privateportal.domain.local:8443/arcgis/",
    "portalUrl": "https://reverseproxy.domain.com/arcgis/",
    "serverUrl": "https://reverseproxy.domain.com/gis/",
    "includeOrgIdWIthUsername": false,
    "portalMode": "ARCGIS_PORTAL_FEDERATION",
    "serverId": "T4QEbIXt66r0p5bW"
  },
  "forwardProxyConfig": {
    "httpProxyHost": "proxy.example.com",
    "httpsProxyHost": "proxy.example.com",
    "httpProxyPort": 8888,
    "httpsProxyPort": 8888,
    "httpProxyUser": "username",
    "httpProxyPassword": "password",
    "httpsProxyUser": "username",
    "httpsProxyPassword": "password",
    "nonProxyHosts": "enterprise.example.com|server.example.com",
    "isHttpProxyPasswordEncrypted": false,
    "isHttpsProxyPasswordEncrypted": false
  }
}

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.