- URL:
- https://<security-url>/config
- Methods:
GET
- Required Capability:
- Administrator
- Version Introduced:
- 10.8
Description
This resource returns the currently active security configuration. A security configuration involves the following pieces of information.
Security configuration properties
Parameter | Details |
---|---|
(Allowed Administration Access IPs) | A comma separated list of client machine IP addresses that are allowed access to ArcGIS Server. This can be used as an additional security measure to prevent unauthorized access to the site. |
(Allow direct administrator access) | A boolean that indicates if a user with administrator privileges can access the server through port 6080. If Before disabling administrative access on port 6080, ArcGIS Server must be configured to use web tier authentication (WEB_ADAPTOR) and at least one user in the identity store must have administrator privileges to the site. The primary site administrator account will still be able to administer the site through port 6080. To fully disable access on port 6080, you can optionally disabled the primary site administrator account. If ArcGIS Server Manager becomes unavailable or the web server is unable to authenticate users that have administrator privileges, you will be unable to administer your site. To recover from this site, re-enable the primary site administrator account and connect to the site through port 6080 with this account. Values: |
(Authentication Mode) | Specifies the authentication mode used by ArcGIS Server. When ArcGIS Server is federated with Portal for ArcGIS, this property can be included and set to Values: |
(Authentication Tier) | The tier at which requests to access GIS services will be authenticated. It is recommended that you do not modify these values using the Administrator Directory. Instead, use ArcGIS Server Manager to configure web tier authentication or use the Portal for ArcGIS website to federate ArcGIS Server with your portal. Values: |
(HSTS Enabled) | A boolean that indicates if HTTP Strict Transport Security (HSTS) is being used by the site. See Enforce strict HTTPS communication for more information. In order for this property to be enabled, the Protocol property must already be set to use HTTPS only. Values: true | false |
(HTTP Enabled) | A boolean that indicates if the site is accessible over HTTP. Values: true | false |
(Protocol) | Specifies the HTTP protocol to be used for communication to and from the ArcGIS Server site. If set to When you initially create your ArcGIS Server site, all communication in the site is sent over HTTP, which is not secure. This means that your credentials sent over an internal network or the Internet are not encrypted and can be intercepted. To prevent the interception of any communication, it's recommended that you configure ArcGIS Server and ArcGIS Server Manager (if installed) to enforce Secure Sockets Layer (SSL). When you initially create your site, you'll see a warning-level message in the logs recommending that you update the communication protocol of your site to use SSL. Values: |
(Role Store) | Connection information about the currently active role store. Example
|
(Security Enabled) | A boolean that indicates if security is enabled for any GIS service. The default value is Values: |
(SSL Enabled) | A boolean that indicates if the site is accessible over HTTPS (SSL). The default value is Values: |
(User Store) | Connection information about the currently active user store. Example
|
(Virtual Directories Security Enabled) | A boolean that indicates if the server's virtual directories are secured and require authentication. If Values: |
(Portal Properties) | Specified when federating ArcGIS Server with Portal for ArcGIS. See the Portal properties for more information. |
Portal properties
Parameter | Details |
---|---|
(Portal Mode) | Must be set as Example
|
(Portal Secret Key) | The key obtained after federating ArcGIS Server with Portal for ArcGIS. Example
|
(Portal URL) | The URL of Portal for ArcGIS in the following format:
|
(Referer) | The referer specified when generating the token. |
(Server ID) | The ID of the server federated with the portal. Example
|
(Server URL) | External URL of the server federated with the portal in the following format: Example
|
(Token) | A token obtained from Portal for ArcGIS for use by ArcGIS Server for initial validation. |
Request parameters
Parameter | Details |
---|---|
| The response format. The default response format is Values: |
Example usage
Below is a sample request URL for the config
resource:
https://machine.domain.com/webadaptor/admin/security/config?f=json
JSON Response syntax
{
"securityEnabled": <true|false>,
"Protocol": "<HTTP>|<HTTP_AND_HTTPS>|<HTTPS>",
"httpEnabled": <true|false>,
"HSTSEnabled": <true|false>,
"sslEnabled": <true|false>,
"virtualDirsSecurityEnabled": <true|false>,
"allowDirectAccess": <true|false>,
"authenticationMode": "<Authentication Mode>",
"authenticationTier": "<Authentication Tier>",
"userStoreConfig": <UserStore>,
"roleStoreConfig": <RoleStore>,
"allowedAdminAccessIPs": "<Comma separated list of allowed IP addresses>",
"portalProperties": {
"portalUrl": "<Portal URL>",
"portalSecretKey": "<Portal Secret Key>",
"portalMode": "ARCGIS_PORTAL_FEDERATION",
"serverId": <ServerID>,
"serverUrl": <ServerURL>,
"token": <token>,
"referer": <referer>
}
}
JSON Response example
{
"securityEnabled": true,
"authenticationMode": "ARCGIS_TOKEN",
"authenticationTier": "GIS_SERVER",
"userStoreConfig": {
"type": "BUILTIN",
"properties": {}
},
"roleStoreConfig": {
"type": "BUILTIN",
"properties": {}
},
"sslEnabled": true,
"HSTSEnabled": true,
"httpsProtocols": "TLSv1.2,TLSv1.1",
"cipherSuites": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA",
"httpEnabled": false,
"virtualDirsSecurityEnabled": false,
"allowDirectAccess": true,
"serverRole": "STANDALONE_SERVER"
}