I'm trying to resolve an issue I'm having with Portal where edits to feature services are submitted as the Portal service account instead of the user signed into Portal.
Both Portal and ArcGIS Server are configured to use web tier authentication to allow users to sign in seamlessly. I have set up a feature class in SQL Server and enabled editor tracking. This feature class has been published as a single layer in a feature service on ArcGIS Server.
I can edit in ArcGIS Desktop and the REST endpoint (applyEdits), which correctly captures the name of the user signed into ArcGIS Server.
When I add the feature service as a layer to Portal (using the feature layer URL, no login details requested), and edit in a Portal map, any new features or edits have the name of the service account running the Portal service added to the editor tracking fields, not the name of the user.
I've been through the ArcGIS Server logs, and I can see that as the map draws all the requests have the correct user name. I queried layers and ran a Geoprocessing Service and can see that all calls from Portal to ArcGIS Server have the correct user name.
When I create a new feature in my layer using the edit tools, all requests start coming from the Windows service account instead of my user name. After the feature has been created, subsequent calls to the feature layer (pop-up, query) again start coming from the Portal user.
If I use my custom app to programmatically create a new feature, all requests are coming from my Portal user until I call "applyEdits" on my feature layer, when again requests start coming from the service account.
Is there any way to force applyEdits to use the Windows/Portal user instead of the service account to apply edits?
- The typical workflow to do this is to use a federated server.
- Using a portal (or AGOL) with a secured service on a non-federated server should work when you don't store credentials when referencing your FeatureService in Portal (the drawback is that it asks you for your credentials when using your app). But I don't know the behavior of this option when using web tier authentication with SSO.
Hope this helps.
Thanks for the response Alex.
If I've read your second point correctly, what we are trying to do should work?
Is this an issue I can resolve with Portal configuration (outside of federating the server, which I believe could cause issues with legacy applications), or is it a more fundamental Portal issue?
I believe this is the default behavior of Portal with federated GIS Servers behind web-tier. The user is, in fact, authenticating via IWA, but the edit user stamp is coming from when PTL passed that edit from the Portal Web Interface, or feature service local edit check in/out, to SQL.