Scenario: The requirement is to support SSO between ARG GIS and other enterprise applications (like SharePoint). I can see that the online version of ARC GIS 10.2 (ArcGIS.com) supports SAML based claims authentication and can be easily configured to provide SSO using products like Microsoft ADFS. However, the on premise version (ArcGIS Web Adapter/Portal) of the same doesn�??t seem to support SAML based authentication. My questions, in this regard, are below:
Questions: �?� Is it true that on premise version of ARC GIS does not support SAML based authentication? Is there a way to turn this feature ON? �?� Is ARC GIS (on premise) built using ASP.NET. If yes, can we use WIF (windows identity foundation) to configure its web.config to use claims authentication instead of windows authentication? �?� Is there any way where we can provide SSO with between on premise ARC GIS and other applications which are claims based? �?� What all authentication mechanisms does ARC GIS support other than windows authentication?
FYI: when you say "on premise version of ARC GIS", I believe you are referring to Portal for ArcGIS, a new extension to ArcGIS for Server in the 10.2 release.
�?� Is it true that on premise version of ARC GIS does not support SAML based authentication?
A1. Correct. The current release of Portal for ArcGIS does not support SAML authentication. This is being considered for a future release.
�?� Is ARC GIS (on premise) built using ASP.NET. If yes, can we use WIF (windows identity foundation) to configure its web.config to use claims authentication instead of windows authentication?
A2. The ArcGIS Web Adaptor for IIS is built on ASP.NET. Regarding support for claims authentication, the answer is "no".
�?� Is there any way where we can provide SSO with between on premise ARC GIS and other applications which are claims based?
A3. Single-sign on (SSO) with Portal for ArcGIS is possible, see the options listed in A4.
�?� What all authentication mechanisms does ARC GIS support other than windows authentication?
A4. Portal for ArcGIS currently supports the following authentication mechanisms: windows authentication, ArcGIS token-based authentication, HTTP, and PKI.
We recently upgraded SharePoint 2010 from Classic Mode Authentication to Claims Based Authentication in preparation for migration to SharePoint 2013. Now, when I try to access the URL http://localhost/arcgisweb/rest/services from the server, I get a Error: User does not have permissions to access this folder. Code: 403
I suspect this is because we are now accessing this site anonymously? When I access the web site in IIS, and open the Authentication feature, I see that Anonymous Access is Enabled, and Windows Authentication is Disabled. If I disable Anonymous Authentication and enable Windows Authentication, and retry I get: Error: Unable to decrypt user credentials from web adaptor. Could not decrypt: Given final block not properly padded. Code: 403 What do I need to do to resolve this? I need to pass the user's windows credentials to the rest service. Thank you.
