Configuring HTTP Client

Owned by Cooper Labenske
Last updated: Aug 08, 2022 by Heather Geyer

HTTP Client provides a set of configuration options needed for accessing external resources via the HTTP protocol. This requires configuration of a forward proxy, authentication on an ArcGIS Server and Portal or HTTPS settings. HTTP Client provides full support for HTTP over Secure Sockets Layer (SSL).

NOTE: if an ArcGIS Server requires Windows Authentication, you will need to configure authentication on the HTTP Client in order to be able to index services on that server.

To configure HTTP Client, go to Manage Voyager > Discovery and select HTTP Client. In the HTTP Client page, enter the following information:

SSL

These settings determine which SSL certificates Voyager accepts. There are three options:

  • Default_Settings 
    These are the standard settings provided by Apache HttpClient

  • Trust_Any_SSL
    Allows certificates from any third-party SSL Socket Factory

  • Trust_Self_Signed_SSL
    Allows self-signed certificates from any third-party SSL Socket Factory

Proxy

  • Choose whether or not to use the System proxy settings. If you do not use the System settings you can explicitly set up a proxy host or IP address and a proxy port number. You can specify the hosts that will bypass the proxy (No proxy for).

  • You can also choose Use automatic proxy configuration and specify the URL with the proxy configuration script (usually .pac script).

Authentication

Choose an authentication scheme to support:

  • Support Client Certificate  
    This option requires a Private Key and a Password. A CA certificate is optional

  • Support NTLM
    This option will restrict security to the NTLM protocol and not the stronger Kerberos protocol

  • Support Negotiate 
    This option selects either Kerberos or NTLM, and defaults to NTLM if Kerberos is unavailable.

    • Kerboros is usually the preferred security scheme since it is more robust and is designed for systems communicating over a network using HTTP.  Note that you cannot select Kerberos directly - it is only available when using the Negotiate package.

    • NTLM is a challenge-response scheme for Windows networks. NTLMv2 is preferred, as earlier versions are extremely vulnerable to password cracking.

URL

Enter the URL for the Server.

Scheme

Select a value for the Authentication scheme:

  • Any - will use any available scheme

  • Basic - uses unencrypted username/password

  • NTLM - uses the NTLM authentication scheme

  • Negotiate - uses the either the Kerberos or NTLM authentication scheme

Realm

  • For Kerberos schemes, the Realm is created by an Administrator, and is roughly equivalent to a Windows Workgroup.  The Realm defines all of the resources that Kerberos manages.  Both your host and the target server must be in the same Realm.

  • For NTLM, there is no equivalent to the Kerberos Realm.  Instead, it uses the domain name of the server in place of the Realm.

Username and Password 

  • Check Support NTLM or Support Negotiate to support NTLM/Negotiate authentication schemas.

  • Check Use System Credentials (Windows NTLM/Negotiate) to use the system's settings instead of your own login credentials

  • When you are done with configuration, click Add to add the server to Voyager.

Test

Use this field to test your HTTP Client configuration and verify if Voyager is able to access external web services.