- URL: https://<root>/security/config/testIdentityStore
- Methods: POST
- Version Introduced: 10.9
Description
The test operation can be used to test the connection to a user or role (group) store.
Request parameters
| Parameter | Details |
|---|---|
| userStoreConfig | Specifies the user store properties. This parameter accepts as input all the properties as defined in the userStoreConfig and roleStoreConfig properties section below. |
| roleStoreConfig | Specifies the role (group) store properties. This parameter accepts as input all the properties as defined in the userStoreConfig and roleStoreConfig properties section below. |
| f | The response format. The default format is  Values:  |
userStoreConfig and roleStoreConfig properties
| Parameter | Details |
|---|---|
| userPassword | The password for the domain account. Example  |
| isPasswordEncrypted | Indicates whether the  Values:  |
| user | A user account with at least read permissions to look up the email addresses and usernames of users in your organization. If possible, use an account whose password does not expire. Example  |
| userFullnameAttribute | The attribute in Windows Active Directory or LDAP that contains the user's full name. Example  |
|  | The URL to your LDAP that points to the user accounts. The URL to your LDAP will need to be provided by your LDAP administrator. Although both LDAP and LDAPS URLs are supported, LDAPS is recommended to ensure encrypted network traffic between your deployment and the LDAP server. If LDAPS is not available, an LDAP URL can be used. However, traffic will be sent in clear text. This property is not applicable when configuring Windows Active Directory. Example  |
|  | The URL to your LDAP that points to the roles. The URL to your LDAP will need to be provided by your LDAP administrator. Although both LDAP and LDAPS URLs are supported, LDAPS is recommended to ensure encrypted network traffic between the portal and the LDAP server. If LDAPS is not available, an LDAP URL can be used. However, the traffic will be sent in clear text. This property is not applicable when configuring Windows Active Directory. Example  |
| userEmailAttribute | The attribute in Windows Active Directory or LDAP that contains the email addresses of the users. Example  |
|  | The LDAP attribute of the user entry that is to be treated as the username. This property is not applicable when configuring Windows Active Directory. Example  |
|  | When using LDAP and PKI, you'll need to specify the value for  |
| caseSensitive | If your Windows Active Directory is configured to be case sensitive, set this property to  Values:  |
|  | This property controls whether LDAP referrals are followed when ArcGIS Enterprise on Kubernetes queries domain controllers for user or group information. By default, this is set to  Values:  |
| domainControllerAddress | A comma-separated list of one or more host names or IP addresses for the domain controllers to be used by ArcGIS Enterprise on Kubernetes. This property is required if the user or role (group) store  |
|  | The host name or IP address of one or more domain controllers for specific domains. In a multidomain environment, this is needed to link domain names to specific domain controllers. Multiple domains can be listed along with multiple host names or IP addresses for each domain. This property is required if the user or role (group) store  Syntax for multiple domains  |
|  | This property is only applicable when configuring the role (group) store. By default, each time an enterprise user signs in to portal, the groups are refreshed automatically. If this behavior adversely affects login performance, it can be disabled by setting the value of this parameter to  Values:  |
|  | This property is only applicable when configuring the role (group) store. ArcGIS Enterprise on Kubernetes periodically refreshes all user memberships. This parameter determines the interval at which the refresh repeats. The default value is 24 (hours). |
|  | This property is only applicable when configuring the role (group) store. This parameter determines the start time of the periodic refresh. The format is a 24-hour clock string. The default time is midnight ("00:00"). The refresh operation may be computationally expensive, so it is recommended that the refresh time not be during business hours when the portal may be busy. |
|  | This property is only applicable when configuring the user store with Windows Active Directory and using portal-tier authentication to sign in. By default,  Values:  |
|  | This property applies to Windows Active Directory only. It enforces encrypted communication between ArcGIS Enterprise on Kubernetes and Active Directory. When the property is set to  Values:  |
| userGivenNameAttribute | This property applies to both Windows Active Directory and LDAP. This property can be used to return the actual first name value stored in the Windows Active Directory or LDAP identity store. |
| userSurnameAttribute | This property applies to both Windows Active Directory and LDAP. This property can be used to return the actual last name value stored in the Windows Active Directory or LDAP identity store. |
Example usage
The following is a sample POST request for the test operation:

```
POST /context/admin/security/config/testIdentityStore HTTP/1.1
Host: organization.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

userStoreConfig={
  "type": "WINDOWS",
  "properties": {
    "userPassword": "secret",
    "isPasswordEncrypted": "false",
    "user": "mydomain\\winaccount",
    "userFullnameAttribute": "displayName",
    "userEmailAttribute": "mail",
    "userGivenNameAttribute": "givenName",
    "userSurnameAttribute": "sn",
    "caseSensitive": "false",
    "domainControllerAddress": "10.50.4.36, 10.48.4.1",
    "domainControllerMaping": "uc.esri.com=10.50.4.134, 10.50.4.133; esri.com=10.50.4.36, 10.48.4.1"
  }
}&roleStoreConfig={
  "type": "WINDOWS",
  "properties": {
    "isPasswordEncrypted": "true",
    "userPassword": "xxx",
    "user": "mydomain\\winaccount",
    "domainControllerAddress": "10.50.4.36, 10.48.4.1",
    "domainControllerMaping": "uc.esri.com=10.50.4.134, 10.50.4.133; esri.com=10.50.4.36, 10.48.4.1"
  }
}&f=pjson&token=Mb0ORrkLObNO2Q8FZoUCHHzSMzZi0CbhLHNRYMqqa6URG_ojQJF3rNsJAfRB23MyCrLwSmuaHPUo4AEIrUuoH1-4Ot5xh4565FtlQahXAhK2C7Sy0oydZhBwD8KdFSnVlnLr-e9uI5ovSWZ2lGNn9SwoV2MPMzeAh_5r-q-wgwF8DTT_nhuCXJGkMRy-48jjGS2aN5FI18STHZ8RAuKxGasH90SI3C7njZzlGCUrY5m6BDhCMsdpZA14GwNX8Cis
```

JSON Response example

```
{"status": "success"}
```
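A pre-flight check for the request described above, as an added example that is not Esri's code: it builds the form-encoded POST without sending it, refuses a non-HTTPS admin root (the body carries the bind password and token), rejects any store property whose value is a clear-text `ldap://` URL, and parses the multi-domain controller mapping syntax shown in the sample request. The function names, the admin root URL and the sample mapping are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Constructed sample in the page's mapping syntax (documentation-range addresses).
SAMPLE_MAPPING = "uc.example.com=192.0.2.10, 192.0.2.11; example.com=192.0.2.20"

def parse_dc_mapping(value):
    """Parse 'dom=h1, h2; dom2=h3' into {'dom': ['h1', 'h2'], 'dom2': ['h3']}."""
    mapping = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        domain, sep, hosts = entry.partition("=")
        host_list = [h.strip() for h in hosts.split(",") if h.strip()]
        if not sep or not domain.strip() or not host_list:
            raise ValueError(f"malformed mapping entry: {entry!r}")
        mapping[domain.strip().lower()] = host_list
    return mapping

def cleartext_findings(store_config):
    """Return the names of properties whose value is an unencrypted ldap:// URL."""
    props = store_config.get("properties", {})
    return sorted(k for k, v in props.items()
                  if isinstance(v, str) and v.strip().lower().startswith("ldap://"))

def build_test_request(admin_root, token, user_store=None, role_store=None):
    """Build (do not send) the testIdentityStore POST for the given store configs."""
    if urlsplit(admin_root).scheme != "https":
        raise ValueError("admin root must be https: the body carries a password and token")
    form = {"f": "pjson", "token": token}
    for name, cfg in (("userStoreConfig", user_store), ("roleStoreConfig", role_store)):
        if cfg is None:
            continue
        leaks = cleartext_findings(cfg)
        if leaks:
            raise ValueError(f"{name}: clear-text LDAP URL in {leaks}")
        form[name] = json.dumps(cfg)  # each store config is sent as a JSON string
    url = admin_root.rstrip("/") + "/security/config/testIdentityStore"
    return Request(url, data=urlencode(form).encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})
```

Pass the returned `Request` to `urllib.request.urlopen` only after the checks pass; keep the token and bind password out of logs when doing so.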