Trouble connecting to Portal with portalpy

2199
2
04-25-2016 12:25 PM
RickThiel
Occasional Contributor

Hello,  let me start with a little background...

  • I have a Portal 10.3.1 environment, with an IIS web adaptor.
  • Windows server.
  • We use Windows Integrated Authorization (WIA) / Single Sign On
  • We have been using WIA/single sign on successfully for all of our users.

However, I have just started to look into using portalpy for automating some administrative tasks and I am having troubles logging in via Python 2.7.  I found some code from the samples to login to Portal and list all of the admin users.  Unfortunately, I cannot connect.  I keep getting the following error:  "error: 14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"

Capture.PNG

I have done some reading online, and I have seen things about ssl3 and the Poodle virus, but I am unsure if that is related.  Has anyone else dealt with this problem in your code?

Thanks, --Rick

Reply
0 Kudos
2 Replies
JeffSmith
Esri Contributor

Hi Rick,

I suspect the issue you are running into is because Python is trying to use SSLv3 by default to communicate over HTTPS and this is disabled on Portal 10.3.1.  What specific version of Python 2.7 are you using?  I believe Python 2.7.8 is the last version to try to use SSLv3 by default but unfortunately that is the version distributed with Server and Desktop 10.3.1.

Here are a couple of ways to address it:

1. Override the default protocol used by Python. There are multiple ways to do this but the simplest I've found is to add the following to the beginning of your script:

     import ssl
     ssl
.PROTOCOL_SSLv23 = ssl.PROTOCOL_TLSv1

2. Download and use a later version of Python 2.7 to run the portalpy scripts.  If I'm correct about the version, anything after 2.7.8 should work.  One caveat with this approach though. These newer versions of Python also enable SSL certificate verification by default.  This causes problems connecting to Portal over :7443 because a self-signed certificate is used which cannot be verified.  If you choose to upgrade to a newer version of Python and want to disable the SSL verification, I'd recommend adding a snippet of code outlined here.

Jeff

JoshuaBixby
MVP Esteemed Contributor

Extremely useful snippet of code, thanks for sharing.

Reply
0 Kudos