Select to view content in your preferred language

How to configure single-sign-on for ArcGIS Enterprise base deployment ?

9762
30
11-12-2021 06:18 AM
JohnHu
by
Occasional Contributor

I just installed and configured ArcGIS Enterprise 10.9 base deployment and also integrated window authentication with my organization's Active Directory.  I can add portal user from our Active Directory and use regular window user account.  The problem is that single-sign-on is not working,  and I have enter my window username and pwd to login into portal.  I like to get help on how to get single-sign-on to work for our ArcGIS portal.  Thanks in advance for your help.

0 Kudos
30 Replies
by Anonymous User
Not applicable

@JohnHu Have you ever found solution to your problem? I am experiencing the same issue and are out of ideas what is wrong that single-sign-on is not working. 

0 Kudos
JoyceGreen1
New Contributor

Was a solution found for this issue? I am having the same problem and have no idea what to do next.

0 Kudos
JoyceGreen1
New Contributor

FYI - adding the URLs to the Intranet zone solved the problem for us.  Adding to the trusted sites did not work for us. 

0 Kudos
GrantHopkins1
Occasional Contributor

Hi there, we are experiencing the exact same issue. We've added the URL's to local intranet as well and it's still not working. Does anyone have any other suggestions that were successful? @JohnHu , did you get a solution to your problem?

Thanks!

0 Kudos
DavidHoy
Esri Contributor

Grant, sorry to ask, but to be clear
Did you also check the box in Custom Settings for "Trusted Site"/"Local Intranet" to allow "Automatic logon with current user name and password"?
As Chris P pointed out in earlier post in this discussion. This is a CLIENT SIDE setting that you may need to get pushed to all users via a Group Policy setting once you have shown it works for the machine from which you are testing.

DavidHoy_0-1695262260661.png

 

0 Kudos
GrantHopkins1
Occasional Contributor

Hi David,

No need to aplogize, I appreciate you taking the time to help out. So yes, that setting was already checked on and is managed by my IT department.

GrantHopkins1_0-1695304107921.png

 

0 Kudos
ChristopherPawlyszyn
Esri Contributor

@GrantHopkins1 have you added the site to the list of trusted sites?

 

Taking a different angle, what is the current experience when you access the Portal? If you get a browser challenge for the 401 response then the issue still exists client-side, if you are sent to the Portal for ArcGIS login page then it's likely misconfigured on the server-side configuration for the ArcGIS Web Adaptor.


-- Chris Pawlyszyn
0 Kudos
GrantHopkins1
Occasional Contributor

Hi Chris,

I get challenged with a login, once I put my Active Directory credentials in, I get into my portal. What's odd is when I put in my https://machinename.domain.com to just hit my IIS it logs in, but if I hit my web adaptor https://webadaptor.domain.com  I'm being challenged. I'm starting to think this is an IT issue but I don't even know where to start asking them to look. What do you think? Oh, and even after putting my credentials in, I can only use Google Chrome on my portal. Portal won't load at all in Microsoft Edge. Not sure if this is related or not.

Thank you!

0 Kudos
DavidHoy
Esri Contributor

and it is the portal web adaptor URL you have added to your list of trusted sites?
It needs to be that, even if you are trying to get to the server pages, as that's what federation does - authentication is handled by the way the portal is configured.

your symptom that SSO works when you go to IIS by machine name but not when you use the alias seems to be saying that alias is not in the list of "trusted sites". but your local machine name is recognised as being in "local intranet" zone.

0 Kudos
GrantHopkins1
Occasional Contributor

Hi David,

Well, I believe we just have https://DNSAlias.domain.com . Should I have https://DNSAlias.domain.com/webadaptorname ?

Thanks,

Grant

0 Kudos