Can I log into Manager from any machine in a multi-machine Federated site?

649
2
Jump to solution
09-26-2017 10:44 AM
LucasScharenbroich
Occasional Contributor

I have a multi-machine ArcGIS Server 10.5 site with two machines that is Federated with a Portal for ArcGIS deployment.. I have no problem logging into the ArcGIS Server Manager on the machine that I selected as the server when Federating the site, but I cannot log into Manager from the other machine.

I have isolated the cause to the generateToken portal endpoint and have a short Python script that replicates the issue.

If I call the generateToken endpoint and attempt to exchange a Portal token for a Server token using the server name that appears in the Servers tab in Portal, then request succeeds.

However, if I set the referer to the other machine that is part of the ArcGIS Server site, it fails with

   {"error":{"code":400,"message":"Unable to generate token","details":["Unable to generate token for this server"]}}

Reading between the lines of the documentation, I can see how this may be the intended and correct behavior, but since the ArcGIS Server rest endpoints can be accessed from any machine in the site and since we can publish services to any of the machines, it seemed odd that Manager would somehow be an exception.

Is there any documentation that I may have missed that addresses this point specifically?

0 Kudos
1 Solution

Accepted Solutions
JonathanQuinn
Esri Notable Contributor

I assume you can only reach Manager using the URL used as the Admin URL during federation?  Some trust is established between Portal and Server using that URL, and Portal will only generate valid tokens for that URL when reaching Manager.  This is something I run into a lot as well, and I'm hoping to have this corrected for future versions of the software.

In short, the behavior you see at this time is expected.

View solution in original post

2 Replies
JonathanQuinn
Esri Notable Contributor

I assume you can only reach Manager using the URL used as the Admin URL during federation?  Some trust is established between Portal and Server using that URL, and Portal will only generate valid tokens for that URL when reaching Manager.  This is something I run into a lot as well, and I'm hoping to have this corrected for future versions of the software.

In short, the behavior you see at this time is expected.

LucasScharenbroich
Occasional Contributor

I assume you can only reach Manager using the URL used as the Admin URL during federation?

Yes, this is correct.

Thanks for the explanation; not a serious issue, obviously, so I'll keep an eye on future releases.

0 Kudos