Select to view content in your preferred language

How to configure group access when using AD FS as the enterprise identity provider with Portal for ArcGIS

1136
2
06-06-2018 12:54 AM
RobertDriessen2
Occasional Contributor

We have set up portal 10.5.1 with a federated server 10.5.1.  AD FS is configured and working perfectly.  Domain logins are working as expected.

When setting up AD FS we followed the steps here

Configure Active Directory Federation Services—Portal for ArcGIS (10.5.x) | ArcGIS Enterprise 

We skipped over optional step 6 which integrates domain groups with the portal. 

 

We now want to use the enterprise groups inside portal.

However when I follow step 6 and supply the domain credentials exactly as specified with the following format

{   "type": "WINDOWS",   "properties": {     "isPasswordEncrypted": "false",     "userPassword": "secret",     "user": "mydomain\\winaccount"   } }

(obviously replacing secret and user details)

I get the following error

Portal Administrator Directory

Error

com.esri.arcgis.portal.admin.core.PortalException: java.lang.Exception: Could not connect to the group store. Please check the configuration and try again.


Code: 500
The portal log file also contains the following
<Msg time="2018-06-06T16:49:25,238" type="SEVERE" code="205008" source="Portal Admin" process="6044" thread="14" methodName="" machine="XXXXXXCorrect address for our portalXXX" user="" elapsed="">Failed to update identity store. Cannot connect to role store using supplied configuration. Verify the role store configuration is correct and try again.</Msg>
Am I missing something?  We have a number of domain controllers - would that be the issue?
The instructions say that
"In most cases, you will only need to alter values for the user and userPassword parameters."
What are the options in other cases.
Do I need the "WINDOWS" type as well as the "BUILTIN" type or does the "WINDOWS" type replace the "BUILTIN" type?
Any help appreciated.  🙂
2 Replies
AnthonyRyanEQL
Frequent Contributor

Robert,

Have you tired the json string with no formatting, etc. (eg. no spaces/tabs). I had a problem way back in Portal 10.3.1 where I was trying to make it look pretty and easy to read but this was causing the issues. Hoping this might have been fixed since then

0 Kudos
KevinEscalera2
Occasional Contributor

Hi, did anyone solved this problem? I am in the exact same situation as Robert but in version 10.7.1.

0 Kudos