This is the scenario: ArcGIS Enterprise 10.5.1, deployed in a single machine deployment, except Web Adaptor, that is installed in another web server. ArcGIS Server was federated with Portal using the internal server names. Later, the deployment was required to be accesed from the internet. A new URL was created, certificates are in order, WebContextURL was set. The problem is when triyng to login to ArcGIS Server, login is redirected to the portal´s internal URL (web adaptor web server name), and fails if accesed from internet. How can I solve this? In ArcGIS Server admin interface, is not posible to update the portalURL value. Re-Federate ArcGIS Server is not possible, and is not recommended.
Trying to follow your post is quite difficult. Hard to understand what you are trying to accomplish but sounds like not much architectural thought went into whatever is being done here.
Federating basically means that you are relinquishing all authorization checks to Portal (sharing models and integrating security). (among other things, such as now requiring named users etc) so yes, it would direct you to portal for authorization credentials.
As per documentation, Federation is optional except if you want to do the following:
If your workflow doesnt include any of those three bullet points, then I would re-consider federating at all.
Another question is why would you want to access ArcGIS Server admin (AGS) from the internet? To me, this sounds like a huge security risk.
Also as per documentation...
If you are able to perhaps explain the workflow and what is trying to be attempted here, might help for forum members to answer.
There is no way to update the portal URL for a federated Server, unfortunately. You may be able to update the property on disk and see if it updates in the Server Admin API when you restart Server, but there may be a number of loose ends to tie up if you do this, as trust is established between Portal and Server based on "apps". Manager/Server is considered an "app" so you'd need to update any of those references through the Portaladmin API. Unfederating and refederating introduces other problems but it's the only supported way to fix the problem.
Do you know where the utility that is used to Federate an ArcGIS Server with Portal for ArcGIS grabs the "portalURL" property that is set in the ArcGIS Server security configuration? We have a situation that used the internal IIS machine name for the property when Federating and not the configured web address. I've reviewed the Portal configurations and nowhere can I find that machine name listed there. Before we re-federate this server I would like to make sure we don't end up with the same issue.
There's no external utility, it's all internal logic. The portalURL would be defined by the web context URL, if one is set, and if not, the web adaptor URL.
Thank you for your quick reply, Jonathan. Unsure what happened when we did the Federation as both of those values point to the proper URL. This system is not yet in production so we will unfederate / refederate.
For everyone who is stuck in the same problem:
Unfortunately there is STILL no solution for this issue. The only way to solve this ist to unfederate and refederate. If you do this, make sure that the WebContextURL-Property is set BEFORE you federate and - to be on the save side - that you access the portal via the external URL when you are performing the federation. Hope this helps a bit at least...