- URL:https://<config-url>/update
(POST only)
- Required Capability:Default administrator role | Security and Infrastructure | Servers
- Version Introduced:10.1
Description
This operation updates the security configuration, including TLS protocols and cipher suites, for your ArcGIS Server site.
This operation causes the SOAP and REST service endpoints to be redeployed (with the new configuration) on every server machine in the site. If the authentication tier is GIS_SERVER, the ArcGIS token service is started on all server machines.
When the authentication occurs at the Web Adaptor, the server does not participate in authenticating the user.
If you updated the communication protocol as part of this operation, it takes the ArcGIS Web Adaptor 1 minute to recognize changes to the communication protocol of your site. If you want the ArcGIS Web Adaptor to immediately recognize the changes, you can reconfigure it by following the instructions in Configure ArcGIS Web Adaptor after installation.
Note:
The userStoreConfig and roleStoreConfig properties in the JSON representation are not required for this operation.
Request parameters
Parameter | Details |
---|---|
securityConfig | The JSON object representing the security configuration. |
httpsProtocols | The TLS protocols ArcGIS Server will use. TLSv1.2 is enabled by default. You can also enable TLSv1 and TLSv1.1. Values must be separated by commas. Note:Ensure that the web server hosting your ArcGIS Web Adaptor can fully communicate over the protocols you're enabling. If you're using a Java Web Adaptor, the web server hosting the ArcGIS Web Adaptor must be using Java 8 or later. Example
|
cipherSuites | The cipher suites ArcGIS Server will use. By default, all of the below options are enabled. Values must be separated by commas. The following are valid options:
Example
|
f | The response format. The default response format is html. Values: html | json| pjson |
Example usage
Below is a sample POST request for update, formatted for readability:
POST /webadaptor/admin/security/config/update HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []
securityConfig={
"Protocol": "HTTP_AND_HTTPS",
"authenticationTier": "GIS_SERVER",
"allowDirectAccess": "true",
"HSTSEnabled": "false",
"virtualDirsSecurityEnabled": "false",
"allowedAdminAccessIPs": ""
}&httpsProtocols=TLSv1,TLSv1.1,TLSv1.2&cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA&f=json
JSON Response example
{"status": "success"}