SSO unable to Authenticate Credentials on Federated Server

Amarz (Frequent Contributor), 01-04-2024 10:54 AM

Hello,

I am testing enabling SSO on my multi-machine setup, but am encountering the following error on my hosting server machine (see attached). We have set up Active Directory on IWA.

Amarz_0-1704393590085.png

So far I have configured the following:

  1. Portal set to allow access to portal through HTTPS only
  2. Do not allow anonymous access to portal
  3. Portal Admin connected to Active Directory
  4. IIS on Portal's webadaptor set to:
    1. Anonymous Authentication = Disabled
    2. Windows Authentication = Enabled
  5. Wildcard domain added to Trusted Sites in Internet Options
  6. Internet Options are set to Automatic Login w/ current username and password in Local Intranet / Trusted Sites / Internet zone on all machines

I was following "Use Integrated Windows Authentication With Your Portal".

I can utilize SSO for Portal Log in & ArcGIS Pro login. Just not Server Manager / Admin both on machine and on local machine.

Any ideas why it is not recognizing my Enterprise Portal here on the Server login page?

When I push it back to Anonymous Authentication: Enabled / Windows Authentication: Disabled, I am greeted with a login that recognizes the Portal.

Amarz_1-1704394344260.png

 

 

 

Accepted Solution

Amarz (Frequent Contributor)

Joshua, you are right, the domain is domain\user, and what I meant to type was 'user@domain'. However, that was not the issue. My issue stemmed from improper privatePortalURL in my Portal & improper AdminURLs on my machines.

They were set to be https://dnsalias.domain:6443/arcgis, where they should have been set to FQDNs as 'https://machine.domain.local:6443/arcgis'. Making this adjustment corrected the SSO issues I was experiencing.

 

2 Replies
JoshuaBixby (MVP Esteemed Contributor)

Domain logins to ArcGIS Server have to be "mydomain\user" format and not "user/mydomain" format.  What documentation is saying to structure your login that way?
