Hi Again @BruceHarold,
I am following your blog post Creating an FME Web Connection for your Enterprise Portal and am running into at least one issue:
...and in the Translation Log, I find this:
Request to update access token failed. HTTP Error: HTTP/1.1 401 Unauthorized - https://myenterpriseportal.org/portal/sharing/rest/oauth2/token
After I enter in my credentials, I get this window...
I have used my login (admin), the login that I want to use (a resource account that is used for the Enterprise admin functionality). I have tried to enter usernames in 3 different ways - and the above window correctly displays the user name as seen in Portal.
My Portal setup just uses our Active Directory for authentication and I do have the Single Sign-On experience working for our users. I do not allow anonymous user access and do not allow people to create built-in accounts. I only assign user seats through Active Directory.
My full setup...:
Any thoughts on where to start looking for the issue?
Thanks,
--Adam
Solved! Go to Solution.
After spending a few days with Customer Service, we have found that there is a bug (BUG-000136812) in my specific situation. I will explain:
My Portal WebAdaptor within IIS is set up with IWA (Windows Authentication) enabled (using Active Directory for accounts and login) AND Anonymous Authentication DISABLED to utilize Single Sign-On. My customers are not prompted for login. They are authenticated with the credentials they used to log into their machine/domain on our intranet.
Workarounds:
The BUG has already been given a status of Not in Current Production Plan since it is an, "Authentication limitation from a third party component."
Adam if you're using FME the best way to get support is via Safe's support channel.
https://community.safe.com/s/support
Chat is very effective as a first step.
i'm using FME via Pro....
Same thing?
The Esri product is Data Interoperability extension which lets you make Spatial ETL tools in Pro, the FME product lives outside Pro. The support channels are separate at the customer level.
I am making a Spatial ETL tool in Pro with the Data Interoperability extension. Sorry for my confusion. Do I still go to their support page?
No that's us! If you create a support call with Esri it will be officially handled.
After spending a few days with Customer Service, we have found that there is a bug (BUG-000136812) in my specific situation. I will explain:
My Portal WebAdaptor within IIS is set up with IWA (Windows Authentication) enabled (using Active Directory for accounts and login) AND Anonymous Authentication DISABLED to utilize Single Sign-On. My customers are not prompted for login. They are authenticated with the credentials they used to log into their machine/domain on our intranet.
Workarounds:
The BUG has already been given a status of Not in Current Production Plan since it is an, "Authentication limitation from a third party component."
Question has been moved to the ArcGIS Enterprise space.
Using NLTM authentication in the writer to create the connection (2b) worked for me. Despite being an admin and signed in via IWA I could not successfully authorise the web service method, likely due to our IIS settings or something in that space. Anyway, thanks Adam for the pointer. I am currently on FME 2022.1.1.0 build 22623 (full application, not interop) and ArcGIS Enterprise 10.8.1.
Hi
I am experiencing the same issue where IWA is enabled and anon disabled.
A potential workaround is the bypass the Web Adaptor and shoot straight to the portal server via port 7443
If the portal server Fully Qualified Domain Name is myserver.domain.com, then
https://myserver.domain.com:7443/arcgis
make sure you swap out the default /portal in the fme dialog for the /arcgis
If you are running a HA portal environment then just hope the server you select is always up......
hope this helps 🙂