Configuration (Security)

URL:: https://<root>/security/config
Methods:: GET
Required Capability:: Access allowed with the "Security and infrastructure" privilege
Version Introduced:: 10.9

Description

The config resource returns the currently active security configuration for your ArcGIS Enterprise on Kubernetes deployment.

Request parameters

Parameter	Details
`f`	The response format. The default format is `html`. Values: `html` \| `json` \| `pjson`

Security configuration properties

Parameter	Details
`serverRole`	The role assigned to the federated server.
`userStoreConfig`	Connection information about the currently active user store.
`roleStoreConfig`	Connection information about the currently active role store.
`tokenServiceKey`	The key used to encrypt tokens.
`enableAutomaticAccountCreation`	A Boolean that indicates whether new organization accounts will automatically be created when enterprise users access your Enterprise portal for the first time (`true`), or whether accounts will be manually created. The default value is `false`. Values: `true` \| `false`
`securityEnabled`	A Boolean that indicates whether security is enabled for any GIS service. The default value is `true`. Values: `true` \| `false`
`disableServicesDirectory`	A Boolean that indicates whether access to the services directory will be disabled. The default value is `false`. Values: `true` \| `false`
`allowedProxyHosts`	This property restricts what hosts Enterprise portal can access directly. This restriction applies to several scenarios, including when the Enterprise portal accesses resources from a server that does not support Cross-Origin Resource Sharing (CORS) or when saving credentials used to access a secure service. By default, this property is not defined and no restrictions are applied. Use the format (.).domain.com to allow access to all machines within a specified domain. Domains must be comma-separated. Example Use dark colors for code blocksCopy `1 "allowedProxyHosts": "gisserver1.domain.com, gisserver2.domain.com, (.).example.com"`
`allowInternetCORSAccess`	Introduced at 10.9.1. A Boolean that controls the value of the Access-Control-Allow-Private-Network response header in a CORS preflight request to a portal service URL. This property was added to support the Private Network Access web specification (CORS-RFC1918) that aims to protect sites accessed over a private network from being able to make internal CORS requests. The default value is `true`. Values: `true` \| `false`

Portal properties

Parameter	Details
`webgisServerTrustKey`	A key automatically generated during site creation. This property should not be modified.
`portalSecretKey`	The key obtained after federating an ArcGIS Server to an organization.
`privatePortalUrl`	The internal service URL used to access the Portal sharing container.
`portalURL`	The organization URL.
`serverURL`	The external URL of the server federated with the organization.
`portalMode`	Must be set as `ARCGIS_PORTAL_FEDERATION`.
`serverId`	The ID of the server that is federated with the organization.

Forward proxy config

Parameter	Details
`httpProxyHost`	The forward proxy host name for http requests.
`httpsProxyHost`	The forward proxy host name for https requests.
`httpProxyPort`	The forward proxy port number for http requests.
`httpsProxyPort`	The forward proxy port number for https requests.
`httpProxyUser`	The forward proxy user name for http requests when authentication is required.
`httpsProxyUser`	The forward proxy user name for https requests when authentication is required.
`httpProxyPassword`	The forward proxy password for http requests when authentication is required.
`httpsProxyPassword`	The forward proxy password for https requests when authentication is required.
`nonProxyHosts`	A list of host names separated by `\|` that can be accessed directly and do not require the use of the proxy. Wildcards can be used for an entire domain (`*.example.com`).
`isHttpProxyPasswordEncrypted`	A Boolean that indicates whether the http proxy password is encrypted. When adding or updating the password, this property should be changed to `false`. Once saved, the password becomes encrypted and this value will be changed to `true` automatically. Values: `true` \| `false`
`isHttpProxyPasswordEncrypted`	A Boolean that indicates whether the https proxy password is encrypted. When adding or updating the password, this should be changed to `false`. Once saved, the password becomes encrypted and this value will be changed to `true` automatically. Values: `true` \| `false`

Example usage

The following is a sample request URL used to access the config resource:

Use dark colors for code blocksCopy
https://organization.domain.com/context/admin/security/config?f=pjson

JSON Response example

Use dark colors for code blocksCopy
{
  "serverRole": "HOSTING_SERVER",
  "userStoreConfig": {
    "type": "PORTAL",
    "properties": {}
  },
  "roleStoreConfig": {
    "type": "PORTAL",
    "properties": {}
  },
  "tokenServiceKey": "AIT8Nvh7J7AHWAld1RZe9/n393gLeAeq4HvTkaN5SoM=",
  "enableAutomaticAccountCreation": false,
  "allowInternetCORSAccess": true,
  "securityEnabled": true,
  "disableServicesDirectory": false,
  "portalProperties": {
    "webgisServerTrustKey": "PluSR7m7CyWo3JfOZrL2qkRAy4tvO+VNzEgKfK5gWS4=",
    "portalSecretKey": "73ccba361df243ddbfd8b697e148dc4a",
    "privatePortalUrl": "https://privateportal.domain.local:8443/arcgis/",
    "portalUrl": "https://reverseproxy.domain.com/arcgis/",
    "serverUrl": "https://reverseproxy.domain.com/gis/",
    "includeOrgIdWIthUsername": false,
    "portalMode": "ARCGIS_PORTAL_FEDERATION",
    "serverId": "T4QEbIXt66r0p5bW"
  },
  "forwardProxyConfig": {
    "httpProxyHost": "proxy.example.com",
    "httpsProxyHost": "proxy.example.com",
    "httpProxyPort": 8888,
    "httpsProxyPort": 8888,
    "httpProxyUser": "username",
    "httpProxyPassword": "password",
    "httpsProxyUser": "username",
    "httpsProxyPassword": "password",
    "nonProxyHosts": "enterprise.example.com|server.example.com",
    "isHttpProxyPasswordEncrypted": false,
    "isHttpsProxyPasswordEncrypted": false
  }
}