Web Tier Authentication not working Portal 10.7.1

11-06-2019 03:12 PM
ClintonBallandis1
Occasional Contributor

Hi all,

I'm trying to create a single sign on experience for my Portal 10.7.1 users using web tier authentication.

I've updated the Portal Security Configuration with the required AD parameters in JSON format as per the documentation.

I can successfully test the identity store and the connection is returned as successful. 

I've created an Active Directory user in the Portal and tested logging in using the AD account before enabling Windows authentication.

I then go to the IIS server manager and select the portal web adaptor 'arcgis' and disable Anonymous Authentication and enable Windows Authentication.

I believe I should now be logged in automatically into the Portal and that IIS should be handling the authentication?

However, when I go to the portal URL I'm challenged for credentials and it appears that Portal requires a token to log in? This isn't what I was expecting.

Any help would be appreciated.

Thanks,

Clinton

0 Kudos
3 Replies
RachelSears
Occasional Contributor II

Hi Clinton!

I am wondering if the challenge for authentication might be coming from the browser/intranet settings?

  1. Navigate to Internet Options.
  2. Navigate to the "Security" tab, then highlight "Local Intranet." Click on the "Sites" button.
  3. Click on the "Advanced" button.
  4. Add your "hostname.domain.com" for the machine hosting Portal for ArcGIS and/or the machine hosting the web adaptor. 
  5. Close out of this dialog box, then click on "Custom level" in the box for "Security level for this zone."
  6. Scroll to the bottom, and under "User Authentication" > "Logon" check the option for Automatic logon with current user name and password.

Restart your browser and attempt to access the Portal again. Let me know if this works!

Best,

Rachel

ClintonBallandis1
Occasional Contributor

Hi Rachel,

The site we're trying to get Active Directory working with is only available on our internal network using the following URL: https://gissandbox.npdc.govt.nz/arcgis

I've checked my trusted sites in Internet Explorer and we have a wildcard entry for *.npdc.govt.nz

I also checked my User Authentication and it is set to Automatic logon with current user name and password

With I.E. and Chrome and Firefox (anonymous Disabled and Windows Authentication Enabled) the browser is still returning the following URL

https://gissandbox.npdc.govt.nz/arcgis/sharing/rest/oauth2/authorize?client_id=arcgisonline&display=... 

If I re-enable anonymous access along with Windows Authentication I can log in at the prompt using my Active Directory credentials

I then appear to be logged in with my Active Directory account; however, this isn't single sign on.

Please let me know if you have any other suggestions

Thanks,

Clinton

0 Kudos
JeffSmith
Esri Contributor

Not sure if you are still seeing this issue with web-tier authentication not working but one suggestion I have would be to enable anonymous access to your 'arcgis' web adaptor and then re-register it with your Portal.  Once registered, re-enable the Windows Authentication and try it again.

I've seen instances where the IIS web adaptor thinks it is registered and properly forwards the requests to Portal but Portal does not think it has a web adaptor or the web adaptor information has somehow become corrupt.  The behavior in these cases is very similar to what you described.  The web-tier authenticated user is not automatically logged into Portal.  The user has to manually type in the username/password at the sign-in window.
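
The IIS and browser-zone settings discussed in this thread can be read back directly instead of through the dialogs. The PowerShell below is an added example, not code from any of the posters or from Esri; it assumes the web adaptor is the 'arcgis' application under 'Default Web Site' and that the zone settings are stored in the current user's registry hive (Group Policy may place them elsewhere).

```powershell
# Added example: read-only checks, nothing is changed.
# Assumption: the web adaptor is the 'arcgis' application under 'Default Web Site'.
Import-Module WebAdministration

$location = 'Default Web Site/arcgis'
$authBase = 'system.webServer/security/authentication'

# Server side (run elevated on the IIS host): which schemes IIS will accept.
foreach ($scheme in 'anonymousAuthentication', 'windowsAuthentication') {
    $enabled = (Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $location -Filter "$authBase/$scheme" -Name enabled).Value
    '{0,-24} enabled = {1}' -f $scheme, $enabled
}

# Providers offered for Windows Authentication, in negotiation order.
$providers = Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $location `
    -Filter "$authBase/windowsAuthentication/providers/add"
'providers: ' + (($providers | ForEach-Object { $_.value }) -join ', ')

# Client side (run as the affected user): the "User Authentication > Logon"
# setting is stored per zone as DWORD 1A00.
$logonPolicy = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}
$zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites' }
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

foreach ($zone in 1, 2) {
    $item = Get-ItemProperty -Path "$zoneRoot\$zone" -Name '1A00' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        '{0}: 1A00 not set in HKCU (zone default or Group Policy applies)' -f $zoneNames[$zone]
    } else {
        '{0}: {1}' -f $zoneNames[$zone], $logonPolicy[[int]$item.'1A00']
    }
}
```

A Trusted sites result of 'Automatic logon only in Intranet zone' means the browser will not silently send Windows credentials to hosts mapped to that zone.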