URL: https://<root>/security/config
Methods: GET
Operations: Update Security Configuration, Update Identity Store, Test Identity Store
Version Introduced: 10.2.1

Access requirements

Required privileges

The Portal Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles an administrator can be assigned that provide access to this endpoint. If multiple privileges are listed, only one needs to be assigned to gain access.


Tokens

This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Portal Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.

Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generateToken operation in the Portal Directory API. For security reasons, all POST requests made to the Portal Administrator API must include a token in the request body.


Learn how to generate a token

Description

The config resource returns the identity store information, as well as various security configurations, for an organization.

From this endpoint, administrators can access the Update Identity Store operation to configure their enterprise identity provider (Windows Domain, LDAP, etc.). Organizations are configured to use the built-in store and token-based authentication by default. Before updating the organization's identity provider, the Test Identity Provider operation can first be used to test the connection to the user and group store.

Administrators can also access the Update Security Configuration operation to update various security properties, including specifying Content-Security-Policy response headers that are used when accessing the portal, its associated applications, and the Portal Directory.

Request parameters

Parameter: f
Details: The response format. The default response format is html.
Values: html | json | pjson

Example usage

The following is a sample request URL used to access the config resource:

https://organization.example.com/<context>/portaladmin/security/config?f=pjson

JSON Response syntax

{
  "disableServicesDirectory": <true|false>,
  "enableAutomaticAccountCreation": "<true|false>",
  "contentSecurityPolicy": {
    "home": "<CSP response header>",
    "apps": "<CSP response header>",
    "sharing": "<CSP response header>"
  },
  "webgisServerTrustKey": "<encrypted trust key>",
  "userStoreConfig": {<user store information>},
  "groupStoreConfig": {<group store information>}
}

JSON Response example

{
  "disableServicesDirectory": false,
  "enableAutomaticAccountCreation": "true",
  "contentSecurityPolicy": {
    "home": "frame-ancestors 'self';",
    "apps": "",
    "sharing": "script-src 'self';"
  },
  "webgisServerTrustKey": "6SfcJ1wdYeNK7WmnUx87WKscKkPXW/xNlEdBpUFceP8=",
  "userStoreConfig": {
    "type": "BUILTIN",
    "properties": {"isPasswordEncrypted": "true"}
  },
  "groupStoreConfig": {
    "type": "BUILTIN",
    "properties": {"isPasswordEncrypted": "true"}
  }
}
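
The following is an added example, not part of the original documentation or the vendor's code: a Python review of a config response that copes with the mixed boolean and string flags shown above, parses each Content-Security-Policy value, and redacts the trust key before the result is logged. The function names, the review baseline (services directory disabled, automatic account creation off, a frame-ancestors directive in every CSP) and the placeholder trust key are assumptions made for illustration.

```python
import json

# Modelled on the page's JSON response example; the trust key is a constructed placeholder.
SAMPLE = """{
  "disableServicesDirectory": false,
  "enableAutomaticAccountCreation": "true",
  "contentSecurityPolicy": {"home": "frame-ancestors 'self';", "apps": "", "sharing": "script-src 'self';"},
  "webgisServerTrustKey": "CONSTRUCTED-PLACEHOLDER",
  "userStoreConfig": {"type": "BUILTIN", "properties": {"isPasswordEncrypted": "true"}},
  "groupStoreConfig": {"type": "BUILTIN", "properties": {"isPasswordEncrypted": "true"}}
}"""
CONFIG = json.loads(SAMPLE)

def as_bool(value):
    """The response mixes JSON booleans with "true"/"false" strings; accept both."""
    return value if isinstance(value, bool) else str(value).strip().lower() == "true"

def csp_directives(header):
    """Split a CSP header value into {directive: [sources]}; first occurrence wins."""
    out = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def audit(config):
    """Return review findings under the assumed baseline (not vendor guidance)."""
    findings = []
    if not as_bool(config.get("disableServicesDirectory")):
        findings.append("services directory is enabled")
    if as_bool(config.get("enableAutomaticAccountCreation")):
        findings.append("automatic account creation is enabled")
    csp = config.get("contentSecurityPolicy") or {}
    for area in ("home", "apps", "sharing"):
        directives = csp_directives(csp.get(area) or "")
        if not directives:
            findings.append(f"no CSP set for {area}")
        elif "frame-ancestors" not in directives:
            findings.append(f"CSP for {area} lacks frame-ancestors")
    return findings

def redact(config):
    """Copy that is safe to log or store: the trust key value is replaced."""
    return {k: ("<redacted>" if k == "webgisServerTrustKey" else v) for k, v in config.items()}

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print("REVIEW:", finding)
    print(json.dumps(redact(CONFIG), indent=2))
```

A naive truthiness test on enableAutomaticAccountCreation would treat the string "false" as enabled, which is why the flags are normalized before comparison.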
