Validation of federate server fail - 'Unknown resource - could not find token service endpoint'

deleted-user-0rxRICUw9_JJ · ‎05-23-2018

Hi

I have a Portal instance, available via web adapter on an external url:

https://portal.company.com/arcgis

I added a ArcGIS server instance on the same server, available via a second web adapter on an external url:

https://portal.company.com/arcgis2

ArcGIS Server Notes:

Administration work via url https://portal.compass.ie/arcgis2/admin
Protocol: HTTPS Only
Authentication tier: GIS_SERVER+
Authentication mode: ARCGIS_TOKEN
Server role: STANDALONE_SERVER
User Store Configuration Type: BUILTIN
Role Store Configuration Type: BUILTIN

The intention is to add the ArcGIS server as a federated server and configure it as the hosting server.

When I attempt to add a federated server on url https://portal.company.com/arcgis/home/organization.html, I get the error "Unknown resource - could not find token service endpoint.".

When I attempt to federate a server on url
https://portal.company.com/arcgis/portaladmin/federation/servers/federate, it succeed. I can also validate the federated server successfully.

After the server are federated via the portaladmin interface, it is being listed as a federated server on the https://portal.company.com/arcgis/home/organization.html page, but flagged with an error "error while validating the server". It also cant be added as the hosting server - error "Unable to set portal.company.com/arcgis2 as the hosting server. Unknown resource - could not find token service endpoint."

What I do notice:

While validating from the portaladmin interface, a POST request is issued - to https://portal.company.com/arcgis/portaladmin/federation/servers/validate

While validating from the https://portal.company.com/arcgis/home/organization.html interface, a GET request is issued: https://portal.company.com/arcgis/portaladmin/federation/servers/validate?f=json&token=9Ole9SgfXAhRY..., that return the response:

"{"error":{"code":498,"message":"Invalid Token.","details":["Token would have expired, regenerate token and send the request again.","If the token is generated based on the referrer make sure the referrer information is available with every request in header."]}}"

I can access and manually generate tokens on these two urls:

https://portal.company.com/arcgis/sharing/rest/generateToken

https://portal.company.com/arcgis2/tokens/generateToken

Any advice/comments would be much appreciated!

I don't understand how the referrer information can be different? Or what control I have on how portal use the token authentication.

AdrienHafner · ‎08-15-2018

Did you ever find a solution to this error message? I am receiving it, too, under the same circumstances.

GertConradie · ‎08-16-2018

Hi, no unfortunately not

AdrienHafner · ‎08-16-2018

Not sure if this will help you or not, but I was experiencing the same strange behavior (would federate and validate successfully in the Portal Admin API, but not on the Portal My Organization). We use IWA SSO for credentials and I also noticed that I was signed in to the Portal automatically when navigating to that web address, but when I tried to go from Portal to /portaladmin, I got prompted for credentials and the error message "Invalid Token". I had another Admin role Portal user here try the same thing and it worked for him (SSO pass through to /portaladmin from Portal), so I isolated the issue to my account/my browser. After clearing my browser cache in Chrome, the issue was resolved and I was able to federate Server to Portal with no issues and SSO pass through to /portaladmin worked again. Pretty embarrassing since I spend a good portion of my day telling others to clear their cache! haha

JoeHershman · ‎10-11-2018

Clearing my cache as suggested by Adrien Hafner‌ worked for me

Thanks,
-Joe

OscarFigueroaOD · ‎04-05-2022

Hi All

Adrien Hafner is correct . This is caused by a browser cheche error. If you open an incognito window it will allow you to federate the server.