Select to view content in your preferred language

Adding unsecured services

8747
9
Jump to solution
04-09-2014 06:21 AM
BrendanDwyer
Frequent Contributor
We are running portal 10.2.2. 

When we enable security by checking the "Allow access to the portal through SSL only" checkbox we are not able to bring in outside services that aren't using ssl.  For example, if I want to use a service for my basemap from esri:

http://services.arcgisonline.com/ArcGIS/rest/services/World_Imagery/MapServer

Portal will give me an error stating that the site is configured to only use SSL connections (paraphrasing).

Is there a way to allow it to bring in non-SSL data while having the SSL only check box checked?
Tags (2)
0 Kudos
1 Solution

Accepted Solutions
DustinHobbs
Esri Contributor

Once the setting of "Allow access to the portal through SSL only" is enabled, Portal for ArcGIS will ignore any HTTP request. If you need to consume mixed content/services (HTTP and HTTPS) then this setting should be disabled.

I hope this information helps.

View solution in original post

9 Replies
BrendanDwyer
Frequent Contributor
The error message when I try to add a non-secure basemap states: "Notice, This portal is configured to require that only urls accessed over HTTPS can be added."

For user authentication, we have to allow only SSL.  But not being able to bring in non secure services seriously degrades the utitlity of the portal.  There's got to be a way to do this, right?
0 Kudos
WilliamCraft
MVP Regular Contributor
The behavior you described is also something we experienced.  If the GIS service you are trying to access does not respond over SSL, then you cannot utilize it in Portal for ArcGIS.  Some services, however, respond to HTTP and HTTPS.  Below is an example:

http://server.arcgisonline.com/ArcGIS/rest/services/ESRI_StreetMap_World_2D/MapServer
https://server.arcgisonline.com/ArcGIS/rest/services/ESRI_StreetMap_World_2D/MapServer

Both URLs resolve; one over port 80 and the other over port 443.

One thing I had thought about was attempting to use the IIS Redirect Module for IIS 7 to see if perhaps HTTPS URLs could be re-directed to HTTP in order to "trick" Portal for ArcGIS.  I've not tried this, but it might work.  Assuming you're using Windows.
BrendanDwyer
Frequent Contributor
The behavior you described is also something we experienced.  If the GIS service you are trying to access does not respond over SSL, then you cannot utilize it in Portal for ArcGIS.  Some services, however, respond to HTTP and HTTPS.  Below is an example:

http://server.arcgisonline.com/ArcGIS/rest/services/ESRI_StreetMap_World_2D/MapServer
https://server.arcgisonline.com/ArcGIS/rest/services/ESRI_StreetMap_World_2D/MapServer

Both URLs resolve; one over port 80 and the other over port 443.

One thing I had thought about was attempting to use the IIS Redirect Module for IIS 7 to see if perhaps HTTPS URLs could be re-directed to HTTP in order to "trick" Portal for ArcGIS.  I've not tried this, but it might work.  Assuming you're using Windows.


Thanks for replying.  We're on windows/iis.  We were thinking of something along the same lines, trying to spoof an https service on our end, but didn't know how to go about it.  I'll check out the redirect module.

Some odd behavior I've seen: We use a copy of the esri road map service as the default basemap and also use the same service listed as a separate basemap named Street Map.  With ssl only enabled, it will display the default map.  But it will not allow the street map if you try to switch to it, giving the warning listed in my earlier post.

Odd...
0 Kudos
JaysonLindahl
Frequent Contributor
Unfortunately not all services respond to an HTTPS request.  We have been trying to figure out a way around this issue as well, but nothing so far.
I don't believe ESRI has a solution, or a work around to this either.
RobMiller
Emerging Contributor
I am also experiencing this issue.  I have Portal secured using Integrated Windows Authentication and have a Federated ArcGIS Server associated with it.  Everything works great with the federated server but I am unable to add an unsecured map service through http to Portal from a different ArcGIS Server.  We are using Portal internally and the single sign-on capability is a great benefit, but we have many public facing services that need to be registered into Portal.  Has anybody found a work around for this, or do we have to use the built-in user accounts for authentication in order to register unsecured services? 

As stated in the original post, this seems like a major limitation of Portal.  This also appears to affect the use of ArcGIS webapp builder and ESRI Maps for Office.  Any help or suggestions would be greatly appreciated. 

Thanks
0 Kudos
DustinHobbs
Esri Contributor

Once the setting of "Allow access to the portal through SSL only" is enabled, Portal for ArcGIS will ignore any HTTP request. If you need to consume mixed content/services (HTTP and HTTPS) then this setting should be disabled.

I hope this information helps.

ThomasColson
MVP Frequent Contributor

Dustin, unfortunately, in today's security environment, disabling SSL requirement is no longer an option if secure windows auth to PTL is mandated. Given that Portal users still need to display map services from outside the organization that are not behind SSL, I would hope that Esri has some guidance on this issue.

0 Kudos
RainerSpitzer1
Deactivated User

Maybe its worthy to think about using the portal proxy for access to unsecured services in a further release?

Right now we are using an own simple Proxy-Server (like IIS URL Rewrite Feature) to come around this problem.

MichaelKarikari1
Occasional Contributor

How do you set up the URL Rewrite module and portal to utilize the proxy?

0 Kudos