Update (Security Configuration)

URL:
https://<root>/security/config/update
Methods:
POST
Required Capability:
Access allowed with the "Security and infrastructure" privilege
Version Introduced:
10.9

Description

The update operation updates the security configuration for your ArcGIS Enterprise on Kubernetes deployment.

Request parameters

ParameterDetails

securityConfig

The JSON object representing the security configuration for ArcGIS Enterprise on Kubernetes. For information on included properties, see the Security configuration properties section below.

f

The response format. The default format is html.

Values: html | json | pjson

Security configuration properties

ParameterDetails

serverRole

The role assigned to the federated server.

userStoreConfig

Connection information about the active user store.

roleStoreConfig

Connection information about the active role store.

tokenServiceKey

The key used to encrypt tokens.

enableAutomaticAccountCreation

A Boolean that indicates whether new organization accounts will automatically be created when enterprise users access your Enterprise portal for the first time (true), or whether accounts will be manually created. The default value is false.

Values: true | false

securityEnabled

A Boolean that indicates whether security is enabled for any GIS service. The default value is true.

Values: true | false

disableServicesDirectory

A Boolean that indicates whether access to the services directory will be disabled. The default value is false.

Values: true | false

allowedProxyHosts

This property restricts what hosts Enterprise portal can access directly. This restriction applies to several scenarios, including when the Enterprise portal accesses resources from a server that does not support Cross-Origin Resource Sharing (CORS) or when saving credentials used to access a secure service. By default, this property is not defined and no restrictions are applied. Use the format (.*).domain.com to allow access to all machines within a specified domain. Domains must be comma-separated.

Example
Use dark colors for code blocksCopy
1
"allowedProxyHosts": "gisserver1.domain.com, gisserver2.domain.com, (.*).example.com"

allowInternetCORSAccess

Introduced at 10.9.1. A Boolean that controls the value of the Access-Control-Allow-Private-Network response header in a CORS preflight request to a portal service URL. This property was added to support the Private Network Access web specification (CORS-RFC1918) that aims to protect sites accessed over a private network from being able to make internal CORS requests. The default value is true.

Values: true | false

Portal properties

ParameterDetails

portalURL

The organization URL.

privatePortalUrl

The internal service URL for accessing the portal sharing container.

portalSecretKey

The key obtained after federating an ArcGIS Server to an organization.

portalMode

Must be set as ARCGIS_PORTAL_FEDERATION.

serverId

The ID of the server that is federated with the organization.

serverURL

The external URL of the server federated with the organization.

webgisServerTrustKey

The key used for internal communication. This key is automatically generated during site creation and should not be modified.

Forward proxy config

ParameterDetails

httpProxyHost

The forward proxy host name for http requests.

httpsProxyHost

The forward proxy host name for https requests.

httpProxyPort

The forward proxy port number for http requests.

httpsProxyPort

The forward proxy port number for https requests.

httpProxyUser

The forward proxy user name for http requests when authentication is required.

httpsProxyUser

The forward proxy user name for https requests when authentication is required.

httpProxyPassword

The forward proxy password for http requests when authentication is required.

httpsProxyPassword

The forward proxy password for https requests when authentication is required.

nonProxyHosts

A list of host names separated by | that can be accessed directly and do not require the use of the proxy. Wildcards can be used for an entire domain (*.example.com).

isHttpProxyPasswordEncrypted

A Boolean that indicates whether the http proxy password is encrypted. When adding or updating the password, this property should be changed to false. Once saved, the password becomes encrypted and this value will be changed to true automatically.

Values: true | false

isHttpProxyPasswordEncrypted

A Boolean that indicates whether the https proxy password is encrypted. When adding or updating the password, this should be changed to false. Once saved, the password becomes encrypted and this value will be changed to true automatically.

Values: true | false

Example usage

The following is a sample POST request for the update operation:

Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
POST /context/admin/security/config/update HTTP/1.1
Host: organization.domain.com
Content-Type: application/x-wwww-form-urlencoded
Content-Length: []

securityConfig={
  "serverRole": "HOSTING_SERVER",
  "userStoreConfig": {
    "type": "BUILTIN",
    "properties": {}
  },
  "groupStoreConfig": {
    "type": "BUILTIN",
    "properties": {}
  },
  "tokenServiceKey": "CXlyzoKXH71nE/ip/2lF1aLUbjFBAyaQ2xV8UtkNH8o=",
  "enableAutomaticAccountCreation": false,
  "securityEnabled": true,
  "allowInternetCORSAccess": true,
  "disableServicesDirectory": false,
  "portalProperties": {
    "webgisServerTrustKey": "cTKqfkFoXdl2tHJdIoCIoxtAfuN8bAo1BoQqcADMkFY=",
    "portalSecretKey": "d9f410f2f71240aab64dea54e6f983fe",
    "privatePortalUrl": "https://privateportal.domain.local:8443/arcgis/",
    "portalUrl": "https://organization.domain.com/context/",
    "serverUrl": "https://organization.domain.com/context/",
    "includeOrgIdWIthUsername": false,
    "portalMode": "ARCGIS_PORTAL_FEDERATION",
    "serverId": "rXPmB6CgeHlyG9sC"
  },
  "forwardProxyConfig": {
    "httpProxyHost": "proxy.example.com",
    "httpsProxyHost": "proxy.example.com",
    "httpProxyPort": 8888,
    "httpsProxyPort": 8888,
    "httpProxyUser": "username",
    "httpProxyPassword": "password",
    "httpsProxyUser": "username",
    "httpsProxyPassword": "password",
    "nonProxyHosts": "enterprise.example.com|server.example.com",
    "isHttpProxyPasswordEncrypted": false,
    "isHttpsProxyPasswordEncrypted": false
  }
}&f=pjson&token=m7zGSezM7znt6ZuIwr827imJxOTSDsjYujVdd7SiAQLYG1HmesG8EbSnTwCbiekEh0QwRdmeyp1hP63M60TPrdZQ2NzIg5G7qFaQh40MdiOCfh60-6oPKC2MNoqwdVDZ3srzreVZb66QofWXws8GMrKWkgP45A-2an5crKvReUo-pwvkzm68W87Q0yPJFA2Kww39UnMYNw-5qd2-Bt04VmkrqKI-lCbA-jFZY_UGzeGzNqnBGrjKuVB_q17HogMw

JSON Response example

Use dark colors for code blocksCopy
1
{"status": "success"}

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.