- URL:https://<root>/security/config
- Operations:Update, Test Identity Store, Update Identity Store
- Required Capability:Default administrator role | Security and infrastructure
- Version Introduced:10.9
Description
This resource returns the currently active security configuration for your ArcGIS Enterprise on Kubernetes deployment.
Request parameters
Parameter | Details |
---|---|
f | The response format. The default format is html. Values: html | json | pjson |
Security configuration properties
Parameter | Details |
---|---|
serverRole | The role assigned to the federated server. |
userStoreConfig | Connection information about the currently active user store. |
roleStoreConfig | Connection information about the currently active role store. |
tokenServiceKey | The key used to encrypt tokens. |
enableAutomaticAccountCreation | A Boolean that indicates whether new organization accounts will automatically be created when enterprise users access your Enterprise portal for the first time (true), or whether accounts will be manually created. The default value is false. Values: true | false |
securityEnabled | A Boolean that indicates whether security is enabled for any GIS service. The default value is true. Values: true | false |
disableServicesDirectory | A Boolean that indicates whether access to the services directory will be disabled. The default value is false. Values: true | false |
allowedProxyHost | This property restricts what hosts Enterprise portal can access directly. This restriction applies to several scenarios, including when the Enterprise portal accesses resources from a server that does not support Cross-Origin Resource Sharing (CORS) or when saving credentials used to access a secure service. By default, this property is not defined and no restrictions are applied. Use the format (.*).domain.com to allow access to all machines within a specified domain. |
allowInternetCORSAccess | Introduced at 10.9.1. A Boolean that controls the value of the Access-Control-Allow-Private-Network response header in a CORS preflight request to a portal service URL. This property was added to support the Private Network Access web specification (CORS-RFC1918) that aims to protect sites accessed over a private network from being able to make internal CORS requests. The default value is true. Values: true | false |
Portal properties
Parameter | Details |
---|---|
webgisServerTrustKey | A key automatically generated during site creation. This property should not be modified. |
portalSecretKey | The key obtained after federating an ArcGIS Server to an organization. |
privatePortalUrl | The internal service URL used to access the Portal sharing container. |
portalURL | The organization URL. |
serverURL | The external URL of the server federated with the organization. |
portalMode | Must be set as ARCGIS_PORTAL_FEDERATION. |
serverId | The ID of the server that is federated with the organization. |
Forward proxy config
Parameter | Details |
---|---|
httpProxyHost | The forward proxy host name for http requests. |
httpsProxyHost | The forward proxy host name for https requests. |
httpProxyPort | The forward proxy port number for http requests. |
httpsProxyPort | The forward proxy port number for https requests. |
httpProxyUser | The forward proxy user name for http requests when authentication is required. |
httpsProxyUser | The forward proxy user name for https requests when authentication is required. |
httpProxyPassword | The forward proxy password for http requests when authentication is required. |
httpsProxyPassword | The forward proxy password for https requests when authentication is required. |
nonProxyHosts | A list of host names separated by | that can be accessed directly and do not require the use of the proxy. Wildcards can be used for an entire domain (*.example.com). |
isHttpProxyPasswordEncrypted | A Boolean that indicates whether the http proxy password is encrypted. When adding or updating the password, this property should be changed to false. Once saved, the password becomes encrypted and this value will be changed to true automatically. Values: true | false |
isHttpProxyPasswordEncrypted | A Boolean that indicates whether the https proxy password is encrypted. When adding or updating the password, this should be changed to false. Once saved, the password becomes encrypted and this value will be changed to true automatically. Values: true | false |
Example usage
The following is a sample request URL used to access the config resource:
https://organization.domain.com/context/admin/security/config?f=pjson
JSON Response example
{
"serverRole": "HOSTING_SERVER",
"userStoreConfig": {
"type": "PORTAL",
"properties": {}
},
"roleStoreConfig": {
"type": "PORTAL",
"properties": {}
},
"tokenServiceKey": "AIT8Nvh7J7AHWAld1RZe9/n393gLeAeq4HvTkaN5SoM=",
"enableAutomaticAccountCreation": false,
"allowInternetCORSAccess": true,
"securityEnabled": true,
"disableServicesDirectory": false,
"portalProperties": {
"webgisServerTrustKey": "PluSR7m7CyWo3JfOZrL2qkRAy4tvO+VNzEgKfK5gWS4=",
"portalSecretKey": "73ccba361df243ddbfd8b697e148dc4a",
"privatePortalUrl": "https://privateportal.domain.local:8443/arcgis/",
"portalUrl": "https://reverseproxy.domain.com/arcgis/",
"serverUrl": "https://reverseproxy.domain.com/gis/",
"includeOrgIdWIthUsername": false,
"portalMode": "ARCGIS_PORTAL_FEDERATION",
"serverId": "T4QEbIXt66r0p5bW"
},
"forwardProxyConfig": {
"httpProxyHost": "proxy.example.com",
"httpsProxyHost": "proxy.example.com",
"httpProxyPort": 8888,
"httpsProxyPort": 8888,
"httpProxyUser": "username",
"httpProxyPassword": "password",
"httpsProxyUser": "username",
"httpsProxyPassword": "password",
"nonProxyHosts": "enterprise.example.com|server.example.com",
"isHttpProxyPasswordEncrypted": false,
"isHttpsProxyPasswordEncrypted": false
}
}