Enabling security

Enabling Security

Enabling Security is the last step in configuring security for your ArcGIS Server. Refer Configuring Security Overview for the steps to complete before enabling security. To enable security, click the Security panel in ArcGIS Server Manager then click the Security for GIS Services tab.

To enable security on your ArcGIS Server, you need to click the check box on this page and choose the authentication scheme for securing your ArcGIS services.

ArcGIS Server provides two authentication schemes to secure your ArcGIS services: Java Enterprise Edition Managed Authentication and ArcGIS Managed Authentication based on tokens.

Java Enterprise Edition Managed Authentication

The permission information is written to the WEB.xml file for the service handler applications (REST and Web services) deployed in the internal Java Enterprise Edition containers. The internal Web container will challenge user requests to the secured ArcGIS services.

Note:

This authentication mechanism is available only when the principal store is configured to be the default database.

Note:

When using this authentication mechanism, you need to have at least one role access to a resource (which can be a folder or a service).

Note:

The Special Roles (Everyone, Authenticated, and Anonymous) are not applicable to Java Enterprise Edition Managed Authentication. When Java Enterprise Edition Managed Authentication is enabled, these roles should not be used. These roles can only be used with ArcGIS Managed Authentication based on Tokens.

Note:

Every time you change the permissions on a resource and you are using Java Enterprise Edition Managed Authentication, you need to click the Save button on the Security for GIS Services tab under the Security > Settings page. This will redeploy the service handlers with the updated privileges.

ArcGIS Managed Authentication based on Tokens

When you select ArcGIS Managed Authentication based on Tokens, you will also need to set up your token service. You can start a token service on your local ArcGIS Server or choose to use an ArcGIS token service that is running on a remote instance of ArcGIS Server.

Note:

This authentication mechanism is available when the principal store is configured to use any of the supported data stores.

To start a token service on your ArcGIS Server instance, you need to configure the expiration times and enter a key (text string) that the token service will use to encrypt the tokens.

For more information on tokens and the token service, see Tokens and token services.

Disabling security

Caution:

If you disable security, all your ArcGIS Web services and applications will be accessible to everyone.

To disable security, perform the following steps:

1. Stop the ArcGIS server object manager (SOM) process.
2. Using a text editor, open the file Server.dat located in /<arcgis_home>/server/system. Change the value of the element SecurityEnabled to false and save the changes.
3. Start the SOM.
4. Log in to ArcGIS Server Manager. Navigate to the Security > Settings page. On the Security for GIS Services tab, verify that the check box Enable security for GIS Services is unchecked
5. Click the Save button to disable security.