Configuring SharePoint to work with SSL-secured sites

The components included in ArcGIS for SharePoint—the ArcGIS Map Web Part, ArcGIS Geocoding Workflow, and ArcGIS Location Field—each reference services from ArcGIS Online out of the box. By default, they access these services over http. Due to the cross-scheme restrictions of Silverlight, the default use of http introduces problems when ArcGIS for SharePoint is used within a SharePoint site that employs Secure Sockets Layer (SSL or https) protection. Since ArcGIS for SharePoint is highly configurable, all of the service endpoints used by the product can be updated to use https endpoints instead of http. This topic explains how to use HTTPS instead of HTTP.

Update configuration lists to use SSL

Much of the ArcGIS for SharePoint configuration is stored in lists, where each list item corresponds to a Web service used by the product. Updating these to use https instead of http is a simple matter of updating each list item to specify an equivalent https endpoint or deleting those items for which SSL equivalents do not exist. The specific steps to update each configuration list are as follows:

  1. Within the SSL-secured site collection, navigate to the settings page by selecting Site Settings from the Site Actions menu.
  2. Update the map services used as basemaps to point to https endpoints. These are the set of basemaps available in the Map Web Part's basemap gallery:
    Basemap gallery
    1. Under ArcGIS for SharePoint Administration, select the Basemaps link:
      Basemaps link in ArcGIS for SharePoint Administration
    2. For each list item with a basemap type of ArcGIS Server, change the Map Service URL to point to an https equivalent. If no https equivalent exists, delete it. By default, the first eight basemaps should be changed to https:
      Map service list

      These eight map services are hosted on ArcGIS Online, and each have SSL equivalents. When editing each item, make sure to update the Web address:

      Edit map service item

      While it is recommended to update the description as well, that is only used for display within the list. The Web address is the uniform resource locator (URL) that is used by ArcGIS for SharePoint. This applies to the service endpoints in this list as well as the others that need to be updated (described below).

  3. Update the default set of ArcGIS Server connections. These are the ArcGIS Server instances that appear by default in the Map Web Part's Browse panel:
    ArcGIS Server connections in Browse panel
    1. Return to the Site Settings page.
    2. Under ArcGIS for SharePoint Administration, select Connections:
      ArcGIS for SharePoint Administration links
    3. Edit the URL of any https entries to point to SSL equivalents. By default, the ArcGIS Online list item should be updated. As with the basemap URLs, make sure to update the Web address.
      Edit item drop down menu
    4. Delete any items for which https equivalents do not exist. If the sampleserver1 and sampleserver3 endpoints are included in the list, delete them:
      List of http endpoints
  4. Update the geometry service endpoint. This endpoint is used by the Map Web Part for geometric operations, such as reprojecting graphics when switching between basemaps with different spatial references.
    1. Return to the Site Settings page.
    2. Under ArcGIS for SharePoint Administration, select Geometry Service:
      ArcGIS for SharePoint Administration links
    3. Edit the URL of the geometry service list item to specify an https endpoint. If the default ArcGIS Online geometry service is listed here, it can simply be changed to https:
      Edit Geometry Service URL
  5. Update the ArcGIS Server locator services. These are used by the ArcGIS Geocoding Workflow and ArcGIS Location Field to perform address matching and address lookup (reverse address matching) operations.
    1. Return to the Site Settings page.
    2. Under ArcGIS for SharePoint Administration, select Locators:
      ArcGIS for SharePoint Administration links
    3. Change the URL of each item in the list to an https equivalent of the http endpoint specified. If no equivalent exists, delete the list item. Both ArcGIS Online locator services included by default have https equivalents.

Update configuration files to use SSL

Some of the ArcGIS for SharePoint configuration is stored in configuration files. Unlike the configuration lists, which define the configuration of sets of equivalent items, the configuration files specify relatively complex configurations, such as the default map definition and default layout of the Map Web Part. Three of these files contain references to http service endpoints. These can be changed to https as follows:

  1. From the Site Actions menu, select View All Site Content.
  2. Under Document Libraries, select ArcGIS Mapping Configuration Files:
    ArcGIS Mapping Configuration Files library
  3. Open the MapWebPartStartupMapDocument.xaml document for editing. This document specifies the map definition for new Map Web Parts. One convenient way to open it for editing is to select the Open with Explorer button from the List tab on the SharePoint Ribbon. From there, files can be opened for editing with text editors such as Notepad or integrated development environments (IDEs) such as Visual Studio. Alternatively, the file can be downloaded and edited locally, then uploaded to the document library once editing is complete.
  4. In the markup, change any layers that reference an http service endpoint to https. By default, only the URL for the ArcGISTiledMapServiceLayer needs to be updated.
    MapWebPartStartupMapDocument.xaml file
  5. Open the LocationOnMapStartupMapDocument.xaml document for editing. This document specifies the map definition for all ArcGIS Location Fields within the site collection.
  6. As with the previous document, change any http service endpoints to https. By default, the LocationOnMapStartupMapDocument.xaml document is exactly the same as MapWebPartStartupMapDocument.xaml, so with a default installation, the change specified in step 4 can be applied here as well.
  7. Open the ArcGISOnline.xml document for editing. This document defines the endpoints used by the Map Web Part for retrieving the web maps and groups provided by the Map Center. This file can be edited to specify use of an organization's ArcGIS Portal instance instead of ArcGIS Online.
  8. In the ArcGISOnline.xml file, change the URL within the Sharing element from http to https. The URL specified in the Secure element should already be https.
    <?xml version="1.0" encoding="utf-8" ?>
    <Configuration>
      <Sharing>http://www.arcgis.com/sharing/</Sharing>
      <Secure>https://www.arcgis.com/sharing/</Secure>
      <ProxyServer></ProxyServer>
      <ProxyServerEncoded></ProxyServerEncoded>
    </Configuration>
    

Once these steps have been completed, ArcGIS for SharePoint components will all work within the SSL site just as they do by default within any non-SSL site. New Map Web Parts, Geocoding Workflows, and Location Fields will all retrieve the updated configuration, using only https service endpoints and working within Silverlight's URL access restrictions.

11/30/2012