Configuring HTTP Client in HQ

Owned by Cooper Labenske
Last updated: Apr 05, 2022
3 min read

HTTP Client provides a set of configuration options needed for accessing external resources via the HTTP protocol. This requires configuration of a forward proxy, authentication on an ArcGIS Server and Portal or HTTPS settings. HTTP Client provides full support for HTTP over Secure Sockets Layer (SSL).

SSL

 

These settings determine which SSL certificates Voyager accepts. There are three options:

  • Default Settings 
    These are the standard settings provided by Apache HttpClient

  • Trust Any SSL
    Allows certificates from any third-party SSL Socket Factory

  • Trust Self Signed SSL
    Allows self-signed certificates from any third-party SSL Socket Factory

Proxy

 

  • Choose whether or not to use the System proxy settings. If you do not use the System settings you can explicitly set up a proxy host or IP address and a proxy port number. 

  • You can also choose Use automatic proxy configuration and specify the URL with the proxy configuration script (usually .pac script).

  • Choose Custom Settings to customize configuration, including Bypass settings.

Authentication

 

Choose an authentication scheme to support:

  • Support NTLM
    This option will restrict security to the NTLM protocol and not the stronger Kerberos protocol

  • Support Negotiate 
    This option selects either Kerberos or NTLM, and defaults to NTLM if Kerberos is unavailable.

    • Kerboros is usually the preferred security scheme since it is more robust and is designed for systems communicating over a network using HTTP.  Note that you cannot select Kerberos directly - it is only available when using the Negotiate package.

    • NTLM is a challenge-response scheme for Windows networks. NTLMv2 is preferred, as earlier versions are extremely vulnerable to password cracking.

Adding Authentication

 

Click Add Authentication to add a domain to authenticate.

URL

Enter the URL for the Server.

Scheme

Select a value for the Authentication scheme:

  • Basic - uses unencrypted username/password

  • NTLM - uses the NTLM authentication scheme

  • Negotiate - uses the either the Kerberos or NTLM authentication scheme

Realm

  • For Kerberos schemes, the Realm is created by an Administrator, and is roughly equivalent to a Windows Workgroup.  The Realm defines all of the resources that Kerberos manages.  Both your host and the target server must be in the same Realm.

  • For NTLM, there is no equivalent to the Kerberos Realm.  Instead, it uses the domain name of the server in place of the Realm.

Use System Credentials

Select the Use System Credentials to use the NTLM/Negotiate system settings.