Portal federated AGS and secured services

1447
6
08-03-2017 07:17 PM
JoshVickrey
New Contributor III

I'm using ArcGIS Server 10.5 with secured services and trying to federate it (and hosted server) with Portal 10.5.  Whenever I do, portals security takes over and my services are no longer secured.  Should I be able to federate ArcGIS server (hosted server so users can publish in portal to it) while still keeping some services secured in AGS?  

Reason I was hoping this was possible is because I've read that printing is possible as long as a custom print service (embedded login credentials) is published and the web app has secured services.  

0 Kudos
6 Replies
DerekLaw
Community Moderator

Hi Joshua,

> Should I be able to federate ArcGIS server (hosted server so users can publish in portal to it) while still keeping some services secured in AGS?  

When you federate a Server site with Portal for ArcGIS, you are configuring the Server site to use the security model in Portal for ArcGIS. So, the answer to your question is "no" - these services will not use ArcGIS Server security, because its security model has switched to follow Portal's security model. After you federate, the web services in the Server site now follow Portal's security model. By default, they will be owned by the admin user who performed the federation operation. They are "secure" in the sense that they are private and not accessible until explicitly shared following Portal's sharing model.

> I've read that printing is possible as long as a custom print service (embedded login credentials) is published and the web app has secured services

Not sure what you mean here. You can enable a custom print service in Portal,

About utility services—Portal for ArcGIS (10.5.x) | ArcGIS Enterprise 

Hope this helps,

JoshVickrey
New Contributor III

Hi Derek, thanks for the response.  As I eluded to, I'm totally aware that Portal's permissions will over take AGS's so based on your response about printing I'm guessing that you are referring to two ArcGIS server's.  Because your print example refers to a "secured" service which you cannot do when you federate AGS from Portal.  This is an enormous cost for an extra license of AGS but will try.  Thanks

0 Kudos
DerekLaw
Community Moderator

Hi Joshua,

I'm still not clear on your print service issue, but in this help doc:

Configure the portal to print maps—Portal for ArcGIS (10.5.x) | ArcGIS Enterprise 

"If you federate your portal and server site and configure a hosting server, the hosting server's print service is automatically started and configured with the portal. However, if you've previously configured a print service with your portal, the URL is not updated when specifying a hosting server. You'll need to start the service, share the service, and configure it as a utility service."

I believe it says you can enable a custom print service, when you have a hosting server deployment.

Hope this helps,

RebeccaStrauch__GISP
MVP Esteemed Contributor

Derek Law‌  correct me if I am wrong, but from everything I have read, and staff I have talked to, once Portal is federated, (taking over security) items are either shared as "public" or it requires a named-user.  

With secure services in AGS, a proxy works well for controlling access to secure services (for web sites hosted locally). But this is not an option for Portal I don't think (from a legal licensing standpoint).  I know you can not talk licensing, but this is something users need to talk to their customer rep about, IMHO.

(I'm recommending not federating Portal in our shop, at this time, for that reason)

DerekLaw
Community Moderator

Hi Rebecca,

> ... once Portal is federated, (taking over security) items are either shared as "public" or it requires a named-user.  

Yes, this statement is true. After you federate a Server site with Portal for ArcGIS, its web services will now utilize the security model configured for Portal. And yes, web services can be shared as "public" (meaning everyone on the intranet can access) or a named user account is required to access them.

Hope this helps,

StevenE
New Contributor III

Hi Rebecca, 

I have a single machine deployment of Enterprise where Server and Portal are federated. Anonymous access is enabled in the Portal, and all feature layers, basemaps, printing/geocoding tools, and both the web map (created in Portal) and web app( created in WAB Dev, downloaded and uploaded to web server) are public as well. I added the app to Portal by connecting to the app in my content. 

Yet, when opening the app, I still get prompted to login to Portal. I want to make this map available to the public and am at a loss as to the correct path to take. I've read conflicting cases of setting up a proxy being the correct action to take, or not applicable when Portal and Server are federated. Any help or information would be greatly appreciated. 

Thanks,

Steven

0 Kudos