AnsweredAssumed Answered

Log into ArcGIS Server Manager fails after Portal for ArcGIS federation

Question asked by borlo on Mar 24, 2014
Latest reply on May 14, 2014 by geonetadmin
Hi,
after federating ArcGIS Server with Portal for ArcGIS I can no longer access the ArcGIS Server Manager (I know that I need to use a Portal User - in my case Active Directory user).

From Fiddler, using the web adaptor manager URL, I see that a generateToken request to Portal fail:

This is the request URL: https://arcg-s03.gesp-it.priv:444/arcgis/manager/proxy?https://arcg-s03.gesp-it.priv/portal/sharing/generateToken

This is the response:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Verb</h2>
<hr><p>HTTP Error 400. The request verb is invalid.</p>
</BODY></HTML>

In fiddler Auth pannel I read:
No Proxy-Authenticate Header is present.
No WWW-Authenticate Header is present.

This is the response on the web page:
[ATTACH=CONFIG]32444[/ATTACH]

Using the admin manager URL (deployed on Geronimo) the generateToken request return a blank response (HTTP 200) but I can not log in.
This is the request URL: https://arcg-s03.gesp-it.priv:6443/arcgis/manager/proxy?https://arcg-s03.gesp-it.priv/portal/sharing/generateToken

In fiddler Auth pannel  I read:
No Proxy-Authenticate Header is present.
No WWW-Authenticate Header is present.

[ATTACH=CONFIG]32446[/ATTACH]

This is the response on the web page:
[ATTACH=CONFIG]32445[/ATTACH]

Inside portal log the requests seems to generate these errors (C:\arcgisportal\logs\webserver\catalina.2014-03-24.log):

mar 24, 2014 5:59:19 PM com.esri.gw.filters.ErrorFilter doFilter
SEVERE: Code: 498|Message:Invalid token.|Details:null
mar 24, 2014 5:59:19 PM com.esri.gw.filters.ErrorFilter doFilter
SEVERE: Code: 498|Message:Invalid token.|Details:null
mar 24, 2014 5:59:19 PM com.esri.gw.filters.ErrorFilter doFilter
SEVERE: Code: 498|Message:Invalid token.|Details:null
mar 24, 2014 5:59:19 PM com.esri.gw.filters.ErrorFilter doFilter
SEVERE: Code: 498|Message:Invalid token.|Details:null
mar 24, 2014 5:59:19 PM com.esri.gw.filters.ErrorFilter doFilter
SEVERE: Code: 498|Message:Invalid token.|Details:null
mar 24, 2014 5:59:19 PM com.esri.gw.filters.ErrorFilter doFilter
SEVERE: Code: 498|Message:Invalid token.|Details:null


The token generation works fine if executed directly from https://arcg-s03.gesp-it.priv/portal/sharing/generateToken

Portal side seems to be ok: I can log in with AD users and I was able to import all the map services from the federated ArcGIS Server.

This is my configuration:
Windows Server 2008 R2 Enterprise
Anonymous Authentication to AGS website is enabed from IIS
Windows Authentication is enabled to Portal website from IIS
ArcGis Server is configured to serve only https
Portal is configured to read AD from our domain server

[ATTACH=CONFIG]32447[/ATTACH]

Thanks in advance for you support
Alessandro

Attachments

Outcomes