I am moving from 10.1 to 10.6.1 and having some issues with SSO using active directory.
For the 10.6.1 erver we are using Portal to handle security functions. It is using users and groups from AD. When I create a map that uses a secured service those layers do not load. There is an error in the web debugger regarding a token being needed. However on my old 10.1 server this was never an issue with the same map. I would see the first request fail and returns the negotiate package and the second request gets authorized. This is normal as described here. Windows Authentication HTTP Request Flow in IIS – Matt’s IIS Support Tidbits
The part I find strange is that if I navigate to Portal Home I get logged right in. Also if I go to a secure service rest endpoint, I get logged right in. Once I go into either of those the layers in my map start working fine.
When looking at the differences with the rest directory, On 10.1 the top right of the main rest directory screen shows my username logged in while on 10.6.1 there is a login button that I need to click.
So It seems very strange that previously I never needed to do anything to log in but on this new 10.6.1 server I occasionally need to login by going to portal or a service before I can use my maps. This is going to be pretty confusing for the end users.
Bumping this back up. Anyone out there have any thoughts on these issues? Sadly I am almost at the point that I ned to abandon portal. I really do not want to do that as it was going to be a huge benefit to have portal running.
I started just trying to get my JS apps to work propely and that is where I encountered these issues. Yesterday I started playing around with web maps and web app builder apps and it looks like authentication isn’t an issue with those. I am not sure what is iss with those that handle authentication wthout issue.