Configure the AOP Core Role

As the AOP Core Role is not required for AOP to run, you may have to install the role. See Install the AOP Core Role for more information.

To ensure that your AOP application is secure, you need to configure the AOP Role that Geocortex Core uses so that AOP recognizes your GeoEvent server as a valid source of information. You also need to create credentials for other services that need to interact with AOP so that AOP recognizes which services are valid and which are not.

Ideally, Geocortex Core should be configured to use HTTPS.

To follow best practice, the AOP Core Role has two security mechanisms that you need to configure. Both of the security mechanisms are configured in the role.config file of the AOP Role. The default installed location for the file is:
C:\Program Files\Latitude Geographics\Geocortex Core\NSRoot\Geocortex\AOP\role.config

The two security mechanisms include:

A whitelist of acceptable IP addresses: You create a list of server IP addresses that AOP checks and accepts as external events. You add the IP addresses of the trusted servers where your external events originate. IP entries are separated by semicolons and can be written in either Internet Protocol version 4 or version 6 (IPv4 / IPv6) formats. The list of IP addresses is added in the <StartupSettings> element in the file.

For example:

<?xml version-"1.0 encodeing="utf-8">
    <Role Name=AOP" Binalry=Geocortex.AOP.exe" Namespace="geocortex.aop" AutoStart="True>
	    <StartupSettings>
            <StartupSetting Key="WhiteList" Value="127.0.0.1; ::1; 10.0.0.154" /> 
        </StartupSettings>
    </Role>

If any IP addresses attempt to access AOP and are blocked because they are not on the whitelist, they are logged to the AOP.log. The default location for the AOP.Log is:
C:\Program Files\Latitude Geographics\Geocortex Core\Data\Logs.
You can use the log files to identify if you need to add an IP address to the whitelist or to see if there are sites trying to access AOP that are a security risk.

Authorization Token Using a Password and ID : You can configure an authorization token using an ID and passwords for any external servers. Any server supplying external event information to AOP must then provide the matching authorization in its API calls. You are likely to need multiple sets of authorization if you are use multiple sites as sources of information. You add the password and ID token as values in the Key="Tokens" attribute.

For example:

<?xml version-"1.0 encodeing="utf-8">
    <Role Name=AOP" Binalry=Geocortex.AOP.exe" Namespace="geocortex.aop" AutoStart="True>
    <StartupSettings>
        <StartupSetting Key="WhiteList" Value="127.0.0.1; ::1; 10.0.0.154" /> 
            <StartupSetting Key="Tokens" Value="username: password; username2:password" /> 
        </StartupSettings>
    </Role>

Documentation Version 2.0