We are currently testing ADFS 3.0 on our internal portal. It works fine to access it through any browser using my Active Directory login. (I'm allowing both AD and Portal managed logins until we get any problems worked out.)
I can also log in to our portal through ArcGIS Pro using my Portal managed username and password. Our ArcGIS Pro license is still managed by AGOL so there aren't any licensing issues.
However, when I try to log in to our portal through Pro using my AD credentials I get the following page after entering in my email and password:
I'm guessing I'm just missing some IIS setting or maybe a setting in ADFS, I just don't know what it is.
I should also note we are running:
Server 10.5.1
Portal 10.5.1
Pro 2.1
How big is your AD forest? ADFS is essentially unusable with Portal if you have more than a few thousand users in the domain. And what are your SSL settings? ADFS -> Portal is very sensitive to cert properties. If you are using SSL, does your cert have a SAN property set that resolves to the FQDN of the web adapter?
Thanks for the reply!
Our organization is around 900-1000.
Our SAN property is *.orgname.org, orgname.org
I have had no problem logging into our portal site through the actual portal website. (Go to site, log in using orgname's credentials, enter in org email and password, connected.) And I have run a test on other software using ADFS when logged out of the portal (cache, cookies cleared, etc...). I can view our secured portal web services in the other software that uses ADFS as a login without being prompted to log in.
The issue is when trying to log in to the portal with organization credentials with portal. I would think the ADFS integration with portal would affect everything and not just ArcGIS Pro.
But, I'm also not an IT guy, so I don't know the complete ins and outs of the settings.
Can you run Fiddler or Wireshark while logging on? The IE page indicates that HTTPS traffic from Pro to PTL is being blocked.
Yeah, running Fiddler, but I don't really know what all the messages mean.
Connecting Pro through the portal managed logins doesn't spit out any errors.
When trying to connect through the ADFS login:
1: /portal/sharing/rest/oauth2/saml/authorize HTTP/1.1 302 Found
2: Tunnel to adfs server HTTP/1.0 200 Connection Established
3: adfs server: /adfs/ls/?SAMLRequest=blahblahblah HTTP/1.1 302 Found
*Errors start
4: adfs server: /adfs/ls/wia?SAMLRequest=blahblahblah HTTP/1.1 401 Unauthorized
5: adfs server: /adfs/ls/wia?SAMLRequest=blahblahblah HTTP/1.1 401 Unauthorized
6: adfs server: /adfs/ls/wia?SAMLRequest=blahblahblah HTTP/1.1 400 Bad Request
There is some dark magic occurring with your ADFS configuration, but it can only be solved by your AD admin. Suggest getting him, and Tech Support, on a conference call... I suspect it's an issue with your SSL certificate.
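
The certificate question raised earlier in the thread (whether the SAN covers the FQDN of the web adaptor) can be checked mechanically. The following is an added example, not code from any poster in the thread: it applies RFC 6125 wildcard matching to the SAN list quoted above, and the host names it tests are hypothetical.

```python
# Added example: RFC 6125-style DNS name matching against a certificate's SAN list.
# The SAN entries are the ones quoted in the thread; the host names are hypothetical.

def san_matches(pattern: str, host: str) -> bool:
    """Return True if one SAN dNSName entry covers the host name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if p_labels[0] == "*":
        # Wildcard only as the whole left-most label; the rest must match exactly.
        # "*.org"-style entries (wildcard directly under a TLD) are rejected.
        return len(p_labels) > 2 and bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        # Partial ("por*.x") or non-leftmost wildcards are not accepted here.
        return False
    return p_labels == h_labels


def covering_entries(sans, host):
    """List the SAN entries that cover host (empty list means name mismatch)."""
    return [s for s in sans if san_matches(s, host)]


SANS = ["*.orgname.org", "orgname.org"]   # from the thread
HOSTS = [                                 # constructed, hypothetical names
    "portal.orgname.org",
    "adfs.orgname.org",
    "portal.gis.orgname.org",   # two labels below the wildcard
    "PORTAL.orgname.org.",      # case and trailing dot are normalised
    "portal",                   # short (non-FQDN) name
]

if __name__ == "__main__":
    for h in HOSTS:
        hits = covering_entries(SANS, h)
        status = "OK: " + ", ".join(hits) if hits else "MISMATCH"
        print(f"{h:26} {status}")
```

A wildcard entry such as `*.orgname.org` covers exactly one label, so a web adaptor or ADFS host addressed by a deeper name or by its short name falls outside the certificate even though browser access by the usual FQDN works.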