IWA and iOS

807
5
01-09-2018 05:16 AM
Highlighted
New Contributor III

Hello, I have setup ArcGIS Enterprise in a development environment that includes an ArcGIS web adaptor (IIS), portal and server all on separate virtual machines. For the web adaptor IIS settings, I have disable anonymous access and enabled windows authentication and have successfully tested IWA. Users are able to sign in through a web browser without providing any sort of credentials. I am now in the process of connecting Collector for ArcGIS to the portal on an iOS (iPad) device. The iPad is AirWatch enabled and successfully connects to our network. I select ArcGIS Enterprise and fill out the portal connection as https://.domain.com/portal , where portal is the name of the web adaptor. However, upon login I am unable to able to pass credentials through the sign in. I have try to include both the domain name formats (username@domain or domain\username) and without the domain with no luck. The only return is error "cancelled". I have some questions:

  1. Is it possible for iOS devices to log in through portal's web adaptor when IWA is enable while allowing single-sign on for web browsers on windows? The iPad is AirWatch enabled, however it does not pass on any credentials as a windows machine would. If I enable anonymous access through IIS the portal login pops up with no issue and I can log in, however users are required to provide their credentials when going through a web browser. I would like for Collector to log in at the same end point while maintaining windows single sign-on.
  2. If it is not possible for iOS devices to log in when IWA is enable, is a problem with have two web adaptors registered with the portal: one for IWA on web browsers (e.g. https://.domain.com/portal )and another for signing in with mobile devices (e.g. https://.domain.com/mobile)? The mobile web adaptor is only used to log in through Collector. I am able to connect to collector using the mobile web adaptor and sign in. Web maps show up, and I'm able to submit and view data. The only articles I could find were regarding highly available setups and a web adaptor on different machines with the same name.

Thanks!

5 Replies
Highlighted
New Contributor II

I am also having the same issue.  We have one environment with IWA and are unable to pass credentials in Collector when trying to sign on to our Enterprise environment. We are also seeing the same issue when trying to sign in to Portal through a web browser. We have another environment without IWA and are able to sign in using Portal assigned credentials with no issues.  

Reply
0 Kudos
Highlighted
New Contributor III

Gene,

As it turns out, we need to open up both port 443 on the web adaptor box and port 7443 on the portal box for the AirWatch VPN clients. I'm not exactly sure, but it seemed as though even when you try to hit the web adaptor at 443, the client will still need to contact the portal box directly. Thus every time I was trying to hit the portal for authentication I was being denied by the fire wall and getting a canceled response. 

Reply
0 Kudos
Highlighted
New Contributor II

Thank you for letting me know this Sam. We will give this a try.

Regards,

Gene

Gene Lohrmeyer

Senior GIS Analyst | GeoEngineers, Inc.

Telephone: 425.861.6062

Fax: 425.861.6050

Mobile: 206.473.8060

Email: glohrmeyer@geoengineers.com<mailto:glohrmeyer@geoengineers.com>

8410 154th Avenue NE

Redmond, WA 98052

www.geoengineers.com<http://www.geoengineers.com>

Reply
0 Kudos
Highlighted
New Contributor III

Did opening port 7443 on the web adaptor and portal boxes solve the issue?

thanks

Reply
0 Kudos
Highlighted
New Contributor III

The problem was resolved after opening up 7443 on the portal box. Only 443 is open on the web adaptor box.

Reply
0 Kudos