Change from IWA to ADFS

06-13-2019 06:23 PM
VishApte
Esri Contributor

Hi,

I have a client who has implemented ArcGIS Enterprise 10.6.1 with Active Directory integrated named users. The Web Adaptor with Windows Authentication is placed in front of the Portal to provide an automated log-in experience.

The client now wants to use ADFS as a SAML-compliant identity provider. However, the client wants to retain an IWA-like user experience, that is, all domain users are logged in automatically when accessing the Portal. My understanding is that with ADFS, users will still need to provide their domain username and password on the Enterprise Log-in page. This is not a true Single Sign-On experience but rather a Same Sign-On experience. Is there a way to achieve automated log-ins with ADFS? Does it require some configuration at the ADFS level?

Thanks,

Vish 

0 Kudos
2 Replies
CameronBlandy
Occasional Contributor

Looping back on this very old posting. @VishApte, did you ever figure this out? I am looking at doing the same.

 

0 Kudos
VishApte
Esri Contributor

@CameronBlandy 

From memory, the solution was to create a URL rewrite rule in IIS which redirects the user to ADFS, initiates login, then sends them back to Portal. So instead of accessing Portal via maps.example.com/portal, they navigate to maps.example.com (the rule applies at IIS root) and after a series of redirects they end up authenticated at maps.example.com/portal/home.

0 Kudos
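One way the root-level redirect described in the reply above could be written with the IIS URL Rewrite module, as an added example that is not the poster's actual rule. It assumes ADFS IdP-initiated sign-on is used; the host `adfs.example.com` and the relying-party identifier `PORTAL_RP_IDENTIFIER` are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config at the IIS site root of maps.example.com.
     Requires the IIS URL Rewrite module. Added example, not the poster's rule. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Match only the bare site root. Requests to /portal and anything
             below it are left alone, so the Web Adaptor keeps working. -->
        <rule name="Root to ADFS sign-on" stopProcessing="true">
          <match url="^$" />
          <conditions>
            <!-- Apply only when the request is for the expected host name. -->
            <add input="{HTTP_HOST}" pattern="^maps\.example\.com$" />
          </conditions>
          <!-- The target is fixed: nothing from the request (path, query string,
               headers) is copied into it, so the rule cannot act as an open
               redirect. adfs.example.com and PORTAL_RP_IDENTIFIER are
               placeholders (assumptions) for the ADFS host and for the
               identifier of the Portal relying party trust.
               redirectType="Found" issues a 302, which browsers do not cache
               the way they cache a permanent redirect. -->
          <action type="Redirect"
                  url="https://adfs.example.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=PORTAL_RP_IDENTIFIER"
                  appendQueryString="false"
                  redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

On AD FS 2016 and later the IdP-initiated sign-on page is disabled by default and is turned on with `Set-AdfsProperties -EnableIdPInitiatedSignonPage $true`.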