Skip to main content

Configure workflow management services

You can configure workflow management services to enable a scalable workflow management system that automates and simplifies many aspects of performing and managing GIS and non-GIS work in an organization. For more information about these services and how to use them, see Introduction to ArcGIS Workflow Manager.

License:

To configure workflow management services, you must have an ArcGIS Workflow Manager Services on Kubernetes license.

Enable workflow management services

To enable workflow management services, complete the following steps:

  1. Sign in to ArcGIS Enterprise Manager and click the Capabilities button in the sidebar.

  2. Turn on the Workflow management services toggle button.

Customize the Workflow Manager configuration

As an administrator, you can add and manage properties using the REST API to configure custom settings for ArcGIS workflow management services and the web app.

Administrative parameters

The following parameters can be added to define custom attributes.

Parameter

Description

Example format

arcadeExpressionTimeout

Controls how long Arcade expressions will attempt to evaluate.

arcadeExpressionTimeout = 10 seconds

featureBatchSize

Controls how many edits are done at a time for specific operations. For example, creating jobs from an array.

featureBatchSize = 100

webRequestTimeout

Controls how long a web request will attempt to be sent before failing in the Send Web Request step and template.

webRequestTimeout = 1 minute

webhookTokenExpiration

Controls how long the token used in the Send Web Request step or template will be valid.

webhookTokenExpiration = 30 minutes

webhookMaxAttachmentSize

Controls the maximum size allowed for attached responses on a job.

webhookMaxAttachmentSize = 10m

LogRetentionPeriod

Controls the frequency of when log messages in the web app are deleted by the cleanup task. This property is set to seven days by default.

This property does not alter the frequency of when Workflow Manager Server logs are deleted.

LogRetentionPeriod = 7 days

jobAutoExecutionLimit

Controls the number of jobs that will automatically execute upon creation at one time.

jobAutoExecutionLimit = 25

allowUnsecureWebhooks

Controls whether incoming webhooks require header security. This property is set to false by default.

Caution:

Setting this property to true allows anyone with the webhook URL to create jobs in the web app.

allowUnsecureWebhooks = false

webRequestAllowLocal

Controls whether the Send Web Request step permits requests to localhost.

webRequestAllowlocal = false

webRequestAllowedProtocols

Controls which protocol is permitted during the Send Web Request step.

webRequestAllowedProtocols = ["https"]

webRequestBlockedHosts

Controls which hosts are blocked from receiving web requests during the Send Web Request step. All addresses to the blocked host must be listed including IPv4, IPv6 and hostname.

webRequestBlockedHosts = ["169.254.169.254/32", "127.0.0.1/32", "1/128", "0.0.0.0", "169.254.169.254/32"]

Note:

0.0.0.0 and 169.254.169.254/32 are blocked by default.

webRequestBlockedPorts

Controls which ports are blocked during the Send Web Request step.

webRequestBlockedPorts = ["80", "81"]

webRequestEnforceValidDomain

Controls which request headers will be blocked during the false by default.

webRequestEnforceValidDomain = false

webRequestRestrictedHeaders

Controls which request headers are blocked during the Send Web Request step.

webRequestRestrictedHeaders = ["Content-Length", "Content-Location", "Forwarded", "From", "Host", "Referer", "Referer-Policy", "User-Agent", "Via", "X-Forwarded-For", "X-Forwarded-Host", "X-Forwarded-Proto", "Strict-Transport-Security", "X-Frame-Options", "X-XSS-Protection", "X-Content-Type-Options", "Access-Control-Allow-Origin", "Content-Security-Policy", "Origin"]

pekko.ssl-config.enabledCipherSuites

Controls the allowed cipher suites.

pekko.ssl-config.enabledCipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"]

pekko.ssl-config.enabledProtocols

Controls the allowed TLS protocols.

pekko.ssl-config.enabledProtocols = ["TLSv1.2"]

play.filters.enabled += "play.filters.cors.CORSFilter"

Enables CORS.

N/A

play.filters.cors

Controls CORS settings.

play.filters.cors { pathPrefixes = ["/workflow"] allowedOrigins = ["https://www.example.com", ...] allowedHttpMethods = ["GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"] allowedHttpHeaders = ["Accept", "Accept-Language", "Content-Language", "Content-Type"] preflightMaxAge = 1 day }

play.http.parser.maxDiskBuffer

Controls the maximum file size for attachments.

play.http.parser.maxDiskBuffer = 500m

play.http.parser.maxMemoryBuffer

Controls the max allowable POST body size.

play.http.parser.maxMemoryBuffer = 2m

webRequestBlockPortsByDefault

Controls whether the Send Web Request step permits requests to ports that are not defined in webRequestAllowPorts.

webRequestBlockPortsByDefault = false

webRequestAllowedPorts

Controls which ports are allowed to receive web requests during the Send Web Request step.

webRequestAllowedPorts = ["80","443","6443","13443"]

webRequestBlockHostsByDefault

Controls whether the Send Web Request step permits requests to hosts that are not defined in webRequestAllowHosts.

webRequestBlockHostsByDefault = false

webRequestAllowedHosts

Controls which hosts are allowed to receive web requests during the Send Web Request step.

webRequestAllowedHosts = ["esri.com", "doc.arcgis.com", "127.0.0.1/32", "2001:0db8:85a3:0000:0000:8a2e:0370:7334"]

Geoprocessing tool names that match Arcade expressions

If the name of a geoprocessing tool matches the name of an ArcGIS Arcade expression, such as Buffer or Clip, add allowedList and add tool names that should not be evaluated as Arcade expressions. Alternatively, you can enclose the tool name in single or double quotation marks in the Run Pro GP Tool step's configuration.