Problems setting up SAML access to Portal for ArcGIS (via Reverse Proxy Server)

Martin1 · ‎08-20-2021

We are having several Portal for ArcGIS installations behind a reverse-proxy server (Nevis) and would like to configure SAML access to them.

We have followed the doc available online (e.g. definition of a WebContextURL) and it seems to work fine while in the intranet, however when in the internet it does not work.

The reason is that Portal for ArcGIS seems to not take the WebContextURL but sends an authentication request to an address that still contains the original server address, which is not accessible via the internet.

Built-in accounts work fine.
Does anyone have an idea what we do wrong?

Taking a look at the call it seems that the idpAuthorizeUrl in the variable oAuthInfo is not correct but contains the internal server address.

Martin1 · ‎08-26-2021

Turns out that this was a problem with the configuration of the Reverse Proxy Server:

The headers X-Forwarded-Host and Location as well as Head were not setup properly.
Some information can be found here: Configure your portal to use a reverse proxy server

However, a reverse proxy administrator is needed to configure this correctly.

View solution in original post

Martin1 · ‎08-26-2021

Turns out that this was a problem with the configuration of the Reverse Proxy Server:

The headers X-Forwarded-Host and Location as well as Head were not setup properly.
Some information can be found here: Configure your portal to use a reverse proxy server

However, a reverse proxy administrator is needed to configure this correctly.