-
Notifications
You must be signed in to change notification settings - Fork 66
Security configuration ArcGIS
This page describes how to configure Geoportal Server to use ArcGIS Online or Portal for ArcGIS for authentication.
2. Uncomment the following line in app-security.xml to use file authentication-arcgis.xml for authentication
<!-- <beans:import resource="authentication-arcgis.xml"/> -->
Create groups for administrators and publishers in ArcGIS Online/Portal for ArcGIS. Make the right users member of these groups.
Create a role for administrators and publishers in ArcGIS Online/Portal for ArcGIS. Use the same prefix for the role name (for example 'ROLE_') and follow this by the 2 role names: 'ROLE_ADMIN' and 'ROLE_PUBLISHER'. The suffixes are the same as the roles used in app-security.xml in the access attribute value.
Assign the Portal role to the right users.
When these users sign into Geoportal Server using their ArcGIS Online/Portal account, they will get these roles assigned and Geoportal Server will show the appropriate functionality for the assigned role.
This section defines the server connection parameters
<beans:bean id="arcgisAuthenticationProvider" class="com.esri.geoportal.base.security.ArcGISAuthenticationProvider">
<beans:property name="appId" value="6iJ2pLIj9UwcSdfA"/>
<beans:property name="authorizeUrl" value="https://www.arcgis.com/sharing/rest/oauth2/authorize"/>
<beans:property name="createAccountUrl" value="https://www.arcgis.com/home/createaccount.html"/>
<beans:property name="expirationMinutes" value="120" />
<beans:property name="geoportalAdministratorsGroupId" value="" />
<beans:property name="geoportalPublishersGroupId" value="" />
<beans:property name="allUsersCanPublish" value="true" />
<beans:property name="rolePrefix" value="ROLE_" />
<beans:property name="showMyProfileLink" value="true" />
</beans:bean>
| Parameter Name | Description |
|---|---|
| appId | Value is the appID of the geoportal application registered with Portal for ArcGIS or ArcGIS Online |
| authorizeUrl | For ArcGIS Online, the value is https://www.arcgis.com/sharing/rest/oauth2/authorize, for Portal for ArcGIS, the value would be something like https://portalServerName/arcgis/sharing/rest/oauth2/authorize. |
| createAccountUrl | For ArcGIS Online, the value is https://www.arcgis.com/home/createaccount.html, for Portal for ArcGIS, the value would be something like https://portalServerName/arcgis/home/createaccount.html. |
| expirationMinutes | Duration for which the authentication will be valid, default is 120 minutes. |
| geoportalAdministratorsGroupId | Group id in ArcGIS Online or Portal for ArcGIS for Geoportal administrative users. |
| geoportalPublishersGroupId | Group id in ArcGIS Online or Portal for ArcGIS for Geoportal publishers. |
| allUsersCanPublish | Whether all users can publish, default is "true". |
| rolePrefix | Prefix of the role name, default is "ROLE_". |
| showMyProfileLink | Whether to show the My Profile link in Geoportal, default is "true". |
This section defines settings for the authentication manager
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="arcgisAuthenticationProvider"/>
</security:authentication-manager>
| Parameter Name | Description |
|---|---|
| alias | Alias for the authentication manager |
| ref | It references /beans:beans/beans:bean/@id above. Default value: arcgisAuthenticationProvider |