Skip To Content

Update Security Configuration

Description

This operation updates the security configuration, including TLS protocols and cipher suites, for your ArcGIS Server site.

This operation causes the SOAP and REST service endpoints to be redeployed (with the new configuration) on every server machine in the site. If the authentication tier is GIS_SERVER, the ArcGIS token service is started on all server machines.

When the authentication occurs at the Web Adaptor, the server does not participate in authenticating the user.

If you updated the communication protocol as part of this operation, it takes the ArcGIS Web Adaptor 1 minute to recognize changes to the communication protocol of your site. If you want the ArcGIS Web Adaptor to immediately recognize the changes, you can reconfigure it by following the instructions in Configure ArcGIS Web Adaptor after installation.

Nota:

The userStoreConfig and roleStoreConfig properties in the JSON representation are not required for this operation.

Request parameters

ParameterDetails
securityConfig

The JSON object representing the security configuration.

httpsProtocols

The TLS protocols ArcGIS Server will use. TLSv1.2 is enabled by default. You can also enable TLSv1 and TLSv1.1. Values must be separated by commas.

Nota:

Ensure that the web server hosting your ArcGIS Web Adaptor can fully communicate over the protocols you're enabling. If you're using a Java Web Adaptor, the web server hosting the ArcGIS Web Adaptor must be using Java 8 or later.

Example

httpsProtocols=TLSv1,TLSv1.1,TLSv1.2
cipherSuites

The cipher suites ArcGIS Server will use. By default, all of the below options are enabled. Values must be separated by commas. The following are valid options:

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

Example

cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
f

The response format. The default response format is html.

Values: html | json| pjson

Example usage

Below is a sample POST request for update, formatted for readability:


POST /webadaptor/admin/security/config/update HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

securityConfig={
  "Protocol": "HTTP_AND_HTTPS",
  "authenticationTier": "GIS_SERVER",
  "allowDirectAccess": "true",
  "HSTSEnabled": "false",
  "virtualDirsSecurityEnabled": "false",
  "allowedAdminAccessIPs": ""
}&httpsProtocols=TLSv1,TLSv1.1,TLSv1.2&cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA&f=json

JSON Response example

{"status": "success"}