Update - Security Configuration | ArcGIS REST APIs

URL:: https://<root>/security/config/update
Methods:: POST
Version Introduced:: 12.0

Description

The update operation updates the security configuration, including TLS protocols and cipher suites, for your ArcGIS Video Server site.

This operation causes the SOAP and REST service endpoints to be redeployed (with the new configuration) on every server machine in the site. If the authentication tier is GIS_SERVER, the ArcGIS Video Server token service is started on all server machines.

When the authentication occurs at the Web Adaptor, the server does not participate in authenticating the user.

If you updated the communication protocol as part of this operation, it takes the ArcGIS Web Adaptor 1 minute to recognize changes to the communication protocol of your site. If you want the ArcGIS Web Adaptor to immediately recognize the changes, you can reconfigure it by following the instructions in Configure ArcGIS Web Adaptor after installation.

Request parameters

Parameter	Details
`httpsProtocols`	The TLS protocols ArcGIS Video Server will use. `TLSv1.2` and `TLSv1.3` (support for `TLSv1.3` was added at 10.9) is enabled by default. You can also enable `TLSv1` and `TLSv1.1`. Values must be separated by commas. Note Ensure that the web server hosting your ArcGIS Web Adaptor can fully communicate over the protocols you're enabling. If you're using a Java Web Adaptor, the web server hosting the ArcGIS Web Adaptor must be using Java 8 or later. Example Use dark colors for code blocksCopy `1 httpsProtocols=TLSv1.2,TLSv1.3`
`cipherSuites`	The cipher suites ArcGIS Video Server will use. The Valid cipher suites section below outlines the ciphers enabled by default, as well as valid ciphers that can be enabled. Example Use dark colors for code blocksCopy `1 cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
`allowInternetCORSAccess`	A Boolean that controls the value of the Access-Control-Allow-Private-Network response header in a CORS preflight request to a REST service URL. This property supports the Private Network Access web specification (previously CORS-RFC1918), which aims to restrict websites accessed over a private network from making internal cross-origin requests. Values: `true` \| `false`
`authenticationTier`	Specifies the tier at which requests to access video services will be authenticated. Values: `WEB_ADAPTOR` \| `GIS_SERVER` \| `ARCGIS_PORTAL`
`allowDirectAccess`	A Boolean that indicates whether a user with administrator privileges can access the server through port 2180. If `true`, all users with administrative access can access the Administrator Directory and ArcGIS Video Server Manager through port 2180. If `false`, users in the identity store cannot access the server through port 2180; users must access the site through ArcGIS Web Adaptor. The default value is `true`. Before disabling administrative access on port 2180, ArcGIS Video Server must be configured to use web tier authentication (`WEB_ADAPTOR`) and at least one user in the identity store must have administrator privileges to the site. The primary site administrator account can administer the site through port 2180. To fully disable access on port 2180, you can optionally disable the primary site administrator account. If ArcGIS Video Server admin becomes unavailable or the web server cannot authenticate users who have administrator privileges, you cannot administer the site. To recover this site, re-enable the primary site administrator account and connect to the site through port 2180 with this account. Values: `true` \| `false`
`portalProperties`	The properties used when federating ArcGIS Video Server with Portal for ArcGIS. See Portal properties for more information.
`f` (Required)	The response format. The default response format is `html`. Values: `html` \| `json` \| `pjson`
`token` (Required)	Users interacting programmatically with this endpoint must generate a token that must be included as a request parameter. A token can be obtained using the Generate Token operation.

Portal properties

Property	Details
`portalMode`	The portal mode. This must be `ARCGIS_PORTAL_FEDERATION`. Example Use dark colors for code blocksCopy `1 "portalMode": "ARCGIS_PORTAL_FEDERATION"`
`portalSecretKey`	The key obtained after federating ArcGIS Video Server with Portal for ArcGIS. Example Use dark colors for code blocksCopy `1 "portalSecretKey": "12a34b56c78d90ef09e87d65c43b21a"`
`portalUrl`	The URL of Portal for ArcGIS in the following format: Example Use dark colors for code blocksCopy `1 "portalUrl": "https://organization.example.com/<context>"`
`privatePortalUrl`	The internal URL of Portal for ArcGIS is in the following format: Example Use dark colors for code blocksCopy `1 "privatePortalUrl": "https://organization.example.com:7443/arcgis"` Note For highly available envrionments, the URL would point to an internal load balancer, rather than to an individual machine: Example Use dark colors for code blocksCopy `1 "privatePortalUrl": "https://lbprivate.example.com:7443/arcgis"`
`serverId`	The ID of the server federated with the portal. Example Use dark colors for code blocksCopy `1 "serverId": "pn04lWxDPEh1vLR6"`
`serverURL`	The external URL of the server federated with the portal in the following format: Example Use dark colors for code blocksCopy `1 "serverUrl": "https://organization.example.com/<context>"`

Valid cipher suites

The following cipher suites are enabled by default:

Use dark colors for code blocksCopy
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_AES_256_GCM_SHA384,
TLS_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

The following cipher suites are not enabled by default, but are valid and can be added using this operation:

Use dark colors for code blocksCopy
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_CHACHA20_POLY1305_SHA256,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA

Example usage

The following is a sample POST request for the update operation:

Use dark colors for code blocksCopy
POST /<context>/admin/security/config/update HTTP/1.1
Host: organization.example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

Protocol=HTTPS&httpsProtocols=TLSv1.2,TLSv1.3&cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256&HSTSEnabled=false&virtualDirsSecurityEnabled=false&allowInternetCORSAccess=true&authenticationTier=GIS_SERVER&allowDirectAccess=true&allowedAdminAccessIPs=&f=pjson

JSON Response example

Use dark colors for code blocksCopy
{"status": "success"}