Update Security Configuration

Description

Updates the security configuration, including SSL protocols and cipher suites, for your ArcGIS Server site.

This operation will cause the SOAP and REST service endpoints to be redeployed (with new configuration) on every server machine in the site. If the authentication tier is GIS_SERVER, then the ArcGIS token service is started on all server machines.

When the authentication occurs at the Web Adaptor, the GIS server does not participate in authenticating the user.

If you updated the communication protocol as part of this operation, it takes the Web Adaptor one minute to recognize changes to the communication protocol of your site. If you want the Web Adaptor to immediately recognize the changes, you can reconfigure it by following the instructions in Configuring the Web Adaptor after installation.

NoteNote:

The userStoreConfig and roleStoreConfig properties in the JSON representation are not required for this operation.

Request Parameters

Parameter

Details

securityConfig

Description: The JSON object representing the security configuration.

httpsProtocols

The SSL protocols ArcGIS Server will use. Valid options are TLSv1, TLSv1.1, and TLSv1.2; values must be comma separated. By default, these options are all enabled.

NoteNote:

If you are planning to disable TLSv1 from the site, you need to ensure the web server hosting the Web Adaptor is able to fully communicate over TLSv1.1 or TLSv1.2. If you are using a Java Web Adaptor, the web server hosting the Web Adaptor must be using Java 8.

cipherSuites

The cipher suites ArcGIS Server will use. Valid options are:

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
By default, all of the above options are enabled. Values must be comma separated

f

Description: The response format. The default response format is html.

Values: html | json

Example Usage

http://server:port/arcgis/admin/security/config/update
securityConfig={
  "Protocol": "HTTP_AND_HTTPS",
  "authenticationTier": "GIS_SERVER",
  "allowDirectAccess": "true",
  "virtualDirsSecurityEnabled": "false",
  "allowedAdminAccessIPs": "",
}
httpsProtocols=TLSv1,TLSv1.1,TLSv1.2

cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

7/5/2017