Latest Contributions by JeffSmith

Ok.  That sounds fine.  I wonder if it is a permission issue of some sort.  I would double-check to make sure the account running the Server service has full control to the <ArcGIS root>\Server\framework folder.  If that still doesn't help, I would recommend contacting technical support to have someone review your system a little more closely. ... View more

Hi Felipe, When you make any changes to the Server security configuration, Server should restart automatically.  Just to be absolutely certain, you might try restarting the Server service.  Limiting it to TLSv1.2 is fine.  Was the 10.9.1 system upgraded from an earlier release?  I ask because 10.9.1 only enables TLSv1.2 and TLSv1.3 by default so I was wondering if TLSv1.1 had been enabled previously from an older release.  Also, are you using OpenSSL to validate what TLS protocols are enabled? ... View more

I agree with what @DavidPike said.  There is no way to automatically remove users from Portal once they have been removed from A/D.  If you have a lot of users in Portal, using a Python script to return a list of users and their last login is helpful.  I'll put in a plug for the next release of Portal.  In 11.1, a new Python script is included with Portal that will identify users that no longer exist in A/D or LDAP and give you a much easier way to delete them all at once.  A report is generated so you can review what was found before deleting them.  If any of those old users own any items, a separate list is generated so you can do a bulk transfer of all the items to a different user prior to deleting them. ... View more

Yes, we do plan on providing a fix for this for 10.9.1 as a part of the next Portal security patch.  We are hoping to have this available by early March. ... View more

Version B of this Portal for ArcGIS patch for 11.0 has just been released.  It may take a little while to be listed in the Patch Notification tool, but it can be downloaded from the patch page. https://support.esri.com/en/download/8070 ... View more

Yes, there were some enhancements in 10.9.1 to validate the certificate used in the Server admin url.  We didn't do this in 10.7 and while things still worked, there were some workflows that would fail if Portal did not trust the Server admin url certificate. Since you are receiving that error message, I would double-check that the root certificate and any intermediate certificates from the CA that signed your wildcard cert are imported into the portaladmin api under sslCertificates/importRootOrIntermediate.  Once imported, make sure the Portal service restarts for the new certs to take effect. ... View more

@Jay_Gregory- Once support for SAML based groups was added to ArcGIS Enterprise around release 10.7, that became the recommended workflow.  Technically using SAML for logins and LDAP for enterprise groups should still work though.  A couple of things to double-check: * The username attribute used by SAML (corresponding to the "Name ID") needs to match the "usernameAttribute" specified in the group store configuration json string.  If you are connecting to Active Directory, this is usually "sAMAccountName". * In the SAML login configuration in Portal, make sure the option to "Enable SAML based group membership" is disabled in the advanced settings.  Since you want to use LDAP to manage group membership, you want to make sure Portal is not expecting groups to be passed in the SAML assertion. ... View more

@MarGIS, I can't say for 100% that it is not supported but I have never seen one on Linux and from what I have read, if it were possible, it would not be straight-forward.  I know you can federate a Linux server with AD but I'm not sure how Linux would utilize a gMSA without explicitly providing the password. ... View more

I'm not aware if gMSA accounts are supported on Linux in general, let alone in ArcGIS Enterprise on Linux.  Is there a tool or utility you've used to utilize gMSA accounts from Linux? ... View more