Skip To Content ArcGIS for Developers Sign In Dashboard

Update Security Configuration

  • URL:https://server:port/arcgis/admin/security/config/update (POST only)
  • Required Capability:Administrator
  • Version Introduced:10.1

Description

This operation updates the security configuration, including TLS protocols and cipher suites, for your ArcGIS Server site.

This operation causes the SOAP and REST service endpoints to be redeployed (with the new configuration) on every server machine in the site. If the authentication tier is GIS_SERVER, the ArcGIS token service is started on all server machines.

When the authentication occurs at the Web Adaptor, the server does not participate in authenticating the user.

If you updated the communication protocol as part of this operation, it takes the Web Adaptor 1 minute to recognize changes to the communication protocol of your site. If you want the Web Adaptor to immediately recognize the changes, you can reconfigure it by following the instructions in Configure ArcGIS Web Adaptor after installation.

Note:

The userStoreConfig and roleStoreConfig properties in the JSON representation are not required for this operation.

Request parameters

ParameterDetails
securityConfig

The JSON object representing the security configuration.

httpsProtocols

The TLS protocols ArcGIS Server will use. TLSv1.2 is enabled by default. You can also enable TLSv1 and TLSv1.1. Values must be separated by commas.

Note:

Ensure that the web server hosting your Web Adaptor can fully communicate over the protocols you're enabling. If you're using a Java Web Adaptor, the web server hosting the Web Adaptor must be using Java 8 or later.

cipherSuites

The cipher suites ArcGIS Server will use. The following are valid options:

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
By default, all of the above options are enabled. Values must be separated by commas.

f

The response format. The default response format is html.

Values: html | json

Example

https://server:port/arcgis/admin/security/config/update
securityConfig={
  "Protocol": "HTTP_AND_HTTPS",
  "authenticationTier": "GIS_SERVER",
  "allowDirectAccess": "true",
  "HSTSEnabled": "false",
  "virtualDirsSecurityEnabled": "false",
  "allowedAdminAccessIPs": "",
}
httpsProtocols=TLSv1,TLSv1.1,TLSv1.2

cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA