I am moving from 10.1 to 10.6.1 and having some issues with SSO using active directory.
For the 10.6.1 erver we are using Portal to handle security functions. It is using users and groups from AD. When I create a map that uses a secured service those layers do not load. There is an error in the web debugger regarding a token being needed. However on my old 10.1 server this was never an issue with the same map. I would see the first request fail and returns the negotiate package and the second request gets authorized. This is normal as described here. Windows Authentication HTTP Request Flow in IIS – Matt’s IIS Support Tidbits
The part I find strange is that if I navigate to Portal Home I get logged right in. Also if I go to a secure service rest endpoint, I get logged right in. Once I go into either of those the layers in my map start working fine.
When looking at the differences with the rest directory, On 10.1 the top right of the main rest directory screen shows my username logged in while on 10.6.1 there is a login button that I need to click.
So It seems very strange that previously I never needed to do anything to log in but on this new 10.6.1 server I occasionally need to login by going to portal or a service before I can use my maps. This is going to be pretty confusing for the end users.