Failed to update the identity store configuration. One or more server machines could not be updated with new user or role store configurations

2442
4
Jump to solution
10-11-2016 05:16 PM
rayterrill
New Contributor

I'm trying to update the ArcGIS Server Security source of users and roles using the arcgis/admin/security/config/updateIdentityStore web service over Python, but I'm getting the error message "Failed to update the identity store configuration. One or more server machines could not be updated with new user or role store configurations". Going into the GUI, it appears like things get saved correctly, but I can't get into the roles using the credentials.

def updateIdentityStore(token, serverName, serverPort):
    securityProperties = dict(adminUserPassword = 'MY#DOMAIN#PASSWORD', adminUser = u'MYDOMAIN\MYDOMAINUSERNAME', domainControllerAddress = "MYDCIPADDRESS")
    securitySettings = dict(type = "WINDOWS", properties = securityProperties)
    # Serialize directory information to JSON    
    securitySettingsJSON = json.dumps(securitySettings)
    # Construct URL to create a new site
    createNewSiteURL = "/arcgis/admin/security/config/updateIdentityStore"
    # Set up parameters for the request
    params = urllib.urlencode({'token': token, 'userStoreConfig':securitySettingsJSON, 'roleStoreConfig':securitySettingsJSON, 'f': 'json'})
    headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
    # Connect to URL and post parameters    
    httpConn = httplib.HTTPConnection(serverName, serverPort)
    httpConn.request("POST", createNewSiteURL, params, headers)
    # Read response
    response = httpConn.getresponse()
    if (response.status != 200):
        httpConn.close()
        print "Error while creating the site."
        return
    else:
        data = response.read()
        httpConn.close()
        # Check that data returned is not an error object
        if not assertJsonSuccess(data):          
            print "Error returned by operation. " + str(data)
        else:
            print "Security updated successfully"
        return

0 Kudos
1 Solution

Accepted Solutions
PhilipMcNeilly
Esri Contributor

Hi Ray,

I added an "encrypted=false" parameter as well as the roleStoreConfig parameter.  I added a snippet below that shows the payload creation and request.  You can adapt this and still use the dictionaries used in your script. 

serverName= "localhost"
serverPort= "6080"
updateURL = "/arcgis/admin/security/config/updateIdentityStore"
encrypted = "false"
roleStoreConfig= {"type": "BUILTIN","properties": {}}   #if you want your roles to use the built in store
userStoreConfig= {"type": "WINDOWS","properties": {"adminUserPassword": "password","adminUser": "domain\\username","domainControllerAddress": "[DC IP addres]"}}
data = {'f': 'json',
        'userStoreConfig': userStoreConfig,
        'roleStoreConfig': roleStoreConfig,
        'encrypted': encrypted,
        'token': token}
encoded_args = urllib.urlencode(data)
urllib.urlopen("http://"+serverName+":"+serverPort+updateURL, encoded_args)‍‍‍‍‍‍‍‍‍‍‍‍‍

 

Philip

View solution in original post

4 Replies
DanPatterson_Retired
MVP Emeritus

Could you format your code Ray... It isn't possible to tell if improper indentation is the result of copy and paste issues

/blogs/dan_patterson/2016/08/14/script-formatting 

0 Kudos
rayterrill
New Contributor

Done. My bad. First time posting.

0 Kudos
rayterrill
New Contributor

Another little wrinkle to this - it works fine with the user account from the GUI, so I installed Fiddler on the machine and ran things through the GUI, since it should be using the same web service behind the scenes to actually process the change.

The GUI is sending the same API call, except it appears to be encrypting the userStoreConfig first, and passing an encrypted userStoreConfig parameter with another encrypted=true parameter. Other than that, the request looks the same as mine - passing a token and json formatted.

0 Kudos
PhilipMcNeilly
Esri Contributor

Hi Ray,

I added an "encrypted=false" parameter as well as the roleStoreConfig parameter.  I added a snippet below that shows the payload creation and request.  You can adapt this and still use the dictionaries used in your script. 

serverName= "localhost"
serverPort= "6080"
updateURL = "/arcgis/admin/security/config/updateIdentityStore"
encrypted = "false"
roleStoreConfig= {"type": "BUILTIN","properties": {}}   #if you want your roles to use the built in store
userStoreConfig= {"type": "WINDOWS","properties": {"adminUserPassword": "password","adminUser": "domain\\username","domainControllerAddress": "[DC IP addres]"}}
data = {'f': 'json',
        'userStoreConfig': userStoreConfig,
        'roleStoreConfig': roleStoreConfig,
        'encrypted': encrypted,
        'token': token}
encoded_args = urllib.urlencode(data)
urllib.urlopen("http://"+serverName+":"+serverPort+updateURL, encoded_args)‍‍‍‍‍‍‍‍‍‍‍‍‍

 

Philip