How to configure single-sign-on for ArcGIS Enterprise base deployment ?

JohnHu · ‎11-12-2021

I just installed and configured ArcGIS Enterprise 10.9 base deployment and also integrated window authentication with my organization's Active Directory. I can add portal user from our Active Directory and use regular window user account. The problem is that single-sign-on is not working, and I have enter my window username and pwd to login into portal. I like to get help on how to get single-sign-on to work for our ArcGIS portal. Thanks in advance for your help.

Anonymous User · ‎10-28-2022

@JohnHu Have you ever found solution to your problem? I am experiencing the same issue and are out of ideas what is wrong that single-sign-on is not working.

JoyceGreen1 · ‎11-21-2022

Was a solution found for this issue? I am having the same problem and have no idea what to do next.

JoyceGreen1 · ‎11-28-2022

FYI - adding the URLs to the Intranet zone solved the problem for us. Adding to the trusted sites did not work for us.

GrantHopkins1 · ‎09-20-2023

Hi there, we are experiencing the exact same issue. We've added the URL's to local intranet as well and it's still not working. Does anyone have any other suggestions that were successful? @JohnHu , did you get a solution to your problem?

Thanks!

DavidHoy · ‎09-20-2023

Grant, sorry to ask, but to be clear
Did you also check the box in Custom Settings for "Trusted Site"/"Local Intranet" to allow "Automatic logon with current user name and password"?
As Chris P pointed out in earlier post in this discussion. This is a CLIENT SIDE setting that you may need to get pushed to all users via a Group Policy setting once you have shown it works for the machine from which you are testing.

GrantHopkins1 · ‎09-21-2023

Hi David,

No need to aplogize, I appreciate you taking the time to help out. So yes, that setting was already checked on and is managed by my IT department.

ChristopherPawlyszyn · ‎09-21-2023

@GrantHopkins1 have you added the site to the list of trusted sites?

Taking a different angle, what is the current experience when you access the Portal? If you get a browser challenge for the 401 response then the issue still exists client-side, if you are sent to the Portal for ArcGIS login page then it's likely misconfigured on the server-side configuration for the ArcGIS Web Adaptor.

-- Chris Pawlyszyn

GrantHopkins1 · ‎09-21-2023

Hi Chris,

I get challenged with a login, once I put my Active Directory credentials in, I get into my portal. What's odd is when I put in my https://machinename.domain.com to just hit my IIS it logs in, but if I hit my web adaptor https://webadaptor.domain.com I'm being challenged. I'm starting to think this is an IT issue but I don't even know where to start asking them to look. What do you think? Oh, and even after putting my credentials in, I can only use Google Chrome on my portal. Portal won't load at all in Microsoft Edge. Not sure if this is related or not.

Thank you!

DavidHoy · ‎09-21-2023

and it is the portal web adaptor URL you have added to your list of trusted sites?
It needs to be that, even if you are trying to get to the server pages, as that's what federation does - authentication is handled by the way the portal is configured.

your symptom that SSO works when you go to IIS by machine name but not when you use the alias seems to be saying that alias is not in the list of "trusted sites". but your local machine name is recognised as being in "local intranet" zone.

GrantHopkins1 · ‎09-22-2023

Hi David,

Well, I believe we just have https://DNSAlias.domain.com . Should I have https://DNSAlias.domain.com/webadaptorname ?

Thanks,

Grant