ArcGIS Server 10.4 - problem with LDAP authentication

10-06-2016 01:11 AM
DirkDr__Schäfer
New Contributor

Hello,

We have installed ArcGIS Server 10.4 on a Windows 2012 R2 Server (virtual machine) with Apache Tomcat 7.0.65. We want to use LDAP for user authentication. All users (LDAP) are displayed in ArcGIS Manager, but unfortunately no authentication window opens when we want to access protected services from ArcGIS Server. When we try to access a protected service in a browser window, no authentication window opens and no service is displayed. We think that the user credentials are not checked and the access is "anonymous".

The Windows authentication with Windows Active Directory works fine.

Can anyone help us?

Thanks!

Dirk

0 Kudos
3 Replies
RandallWilliams
Esri Regular Contributor

It sounds like anonymous access is enabled at the web tier. You'd want to edit the web.xml at either the web adaptor level or globally on the Tomcat instance.

The update would look something like this:

You'd update the following to match the role you've defined.

<!-- Require an authenticated user in the given role for the listed methods on every URL -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Authentication Required</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>WebAdaptor</role-name>
    </auth-constraint>
</security-constraint>

<!-- How the container prompts for credentials -->
<login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>ArcGIS Web Adaptor</realm-name>
</login-config>

<!-- Declares the role referenced in the auth-constraint above -->
<security-role>
    <description>Web Adaptor Users</description>
    <role-name>WebAdaptor</role-name>
</security-role>

0 Kudos
DirkDr__Schäfer
New Contributor

Dear Randall,

Thank you for your answer! We edited the web.xml the way you have described it and now the authentication window opens when we try to access protected services from ArcGIS Server. Unfortunately the access is denied:

We believe that Apache Tomcat can't find the LDAP directory server. In the next step we will edit the server.xml from Apache Tomcat in order to configure the connection to the LDAP directory server (https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html). We will keep you up to date.

Dirk

0 Kudos
DirkDr__Schäfer
New Contributor

Dear Randall,

We edited the server.xml according to the Tomcat documentation (https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html) and access to protected services from ArcGIS Server (via LDAP) is working. The only restriction: the access is via http because we used <auth-method>BASIC</auth-method> instead of <auth-method>DIGEST</auth-method>. However, we want to use an https connection, so we changed the authentication method in the web.xml to <auth-method>DIGEST</auth-method>. Additionally, we changed the security configuration to https in the ArcGIS Server Administrator Directory. Now we can access the services on ArcGIS Server via https, but no authentication window opens and the protected services are not displayed.

Do you have any idea what we have to do to use LDAP with https?

Dirk 

0 Kudos
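An added example, not part of the original thread and not Esri or Tomcat code: a small Python check that reads a web.xml like the one posted above and flags the three conditions the thread runs into (no login forced at the web tier, a constraint limited to listed HTTP methods, and BASIC authentication without a CONFIDENTIAL transport guarantee). The function name, finding codes and sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the reply above, with BASIC as in the last post.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authentication Required</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>WebAdaptor</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ArcGIS Web Adaptor</realm-name>
  </login-config>
</web-app>"""

def local(tag):
    """Strip an XML namespace so namespaced and plain web.xml files both match."""
    return tag.rsplit("}", 1)[-1]

def find_all(node, name):
    return [e for e in node.iter() if local(e.tag) == name]

def texts(node, name):
    return {(e.text or "").strip().upper() for e in find_all(node, name)}

def audit_web_xml(xml_text):
    """Return a sorted list of finding codes (hypothetical names) for a web.xml."""
    root = ET.fromstring(xml_text)
    findings = set()
    protected = [c for c in find_all(root, "security-constraint")
                 if find_all(c, "auth-constraint")]
    if not protected:
        findings.add("ANONYMOUS")  # nothing forces a login at the web tier
    basic = "BASIC" in texts(root, "auth-method")
    for c in protected:
        if find_all(c, "http-method"):
            findings.add("UNCOVERED_METHODS")  # only the listed verbs are constrained
        if basic and "CONFIDENTIAL" not in texts(c, "transport-guarantee"):
            findings.add("BASIC_WITHOUT_TLS")  # password is only base64-encoded on the wire
    return sorted(findings)

if __name__ == "__main__":
    for code in audit_web_xml(SAMPLE_WEB_XML):
        print(code)
```

Dropping the `<http-method>` elements and adding a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` to the constraint clears the last two findings.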