Select to view content in your preferred language

Linux upgrade 10.7.1 to 10.9.1 "Private" Portal access with oauth2 ?

173
3
12-10-2024 11:56 AM
Labels (1)
nippo
by
Emerging Contributor

Hello,

When I upgrade a Portal from 10.7.1 to 10.9.1, "private" access to "portaladmin" (with machine name not fqdn) asks for "oauth2" login and answer "The username you entered is not a member of this organization." even with a good login and password. In 10.7.1, it was just asking a simple login password to access "portaladmin" from machine name.

I can still log in to portaladmin with fqdn after upgrade and every contents are working but I can't add a second Portal and use webgisdr anymore.

What I'm doing wrong?

Sorry for my english,

Thanks!

 

## 10.7.1

Capture d’écran_2024-12-13_10-51-26.png

 

## 10.9.1

10.9.1.png

0 Kudos
3 Replies
TimoT
by
Frequent Contributor

Hi @nippo,

First of all, it’s normal for portaladmin to prompt for OAuth2 authentication in later versions of Enterprise..

Regarding your errors, I have seen something similar in an upgrade from 10.9.1 to 11.1 on Windows, so it may not be limited to Linux or version 10.7 of Enterprise.

The login error message you are receiving is not something you should see in ArcGIS Enterprise, and I believe only appeared in older versions of ArcGIS Online.

If you go to https://local.portal:7443/arcgis/home without logging in, does your navigation bar look like ArcGIS Enterprise's usual bar, or does it look more ArcGIS Online's as below

TimoT_1-1734010338896.png

If it looks like the ArcGIS Online navigation bar, then your issue may be very similar to the one I've seen in the past. The issue was related to corrupt Portal items and apps in the content store upon upgrade. You might start encountering further unusual behaviors beyond failures with webgisdr and adding a second Portal.

A workflow exists out there to reinstall only your Portal component while retaining all your items, federations, settings, etc. However, it is a complex workflow and probably not something you will easily find.

If you're lucky and your problem is only index related, the reconfigure operation that becomes available from 10.9.1 may fix an issue or two.

If you can, you might be better off reverting to your 10.7.1 deployment and attempting the upgrade process again. Please note that I could be completely off the mark here and your problem may be much simpler to resolve.

Good luck.

0 Kudos
nippo
by
Emerging Contributor

Hi @TimoT,

Thanks for your answer!

Ok, it’s normal for portaladmin to prompt for OAuth2 authentication in later versions of Enterprise (?!)

https://local.portal:7443/arcgis/home  redirect me to login screen.

Yes, I have all the tools to revert, no problem.

I changed log level of Portal postgresql (<install>/arcgis/portal/usr/arcgisportal/db/postgresql.conf, line 413) to "all" for a while.

I see this request in the log (<install>/arcgis/portal/usr/arcgisportal/logs/database/pg_log/ if you don't change dir) :

SELECT id, name, description, featured_groups_ids, quota, can_share_public, can_search_public, thumbnail, u rl_hostname, url_key, created, modified, access, all_ssl, culture, region, credits, state, notes, type, exp_date, max_users, subscription_id, comments_enabled, max_to ken_expiration_minutes, use_std_query, can_signin_idp, can_signin_arcgis, list_types, units, portal_properties, mfa_enabled, metadata_editable, metadata_formats, cred it_assignments, update_user_profile_disabled, default_user_credit_assignment, max_users_per_level, category_schema, allowed_origins, use_vector_basemaps, collab_confi g, datastore_level, hub_settings, companion_organizations, euei_enabled, notifications_enabled, allowed_external_links, verified, culture_format, org_capabilities, st orage_region, platform_sso, allowed_beta_features, iot_region_url, can_signin_social, can_signin_oidc, ist_privileges FROM gw_accounts WHERE url_key = \$1

with

parameters: \$1 = 'local'

So, there is a new parameter in 10.9.1, "url_key" ("urlKey" and "url") that can be change here : https://<fqdn>/portal/sharing/rest/portals/0123456789ABCDEF/update

I set it to "local" and I can use webgisdr and join a new portal again, I don't really understand...

Bizarre

nippo
by
Emerging Contributor

Contrary to what I wrote, I think "url_key" is not editable from https://<fqdn>/portal/sharing/rest/portals/0123456789ABCDEF/update (I edited it directly in database but it was not a good solution).

So, I gone back to 10.7.1, run the first part of upgrade again and switching "hostname.properties" to localhost (instead of "portal" or "local.portal"), I could upgrade licence to 10.9.1 (/\<install_dir\>/arcgis/portal/tools/importlicense/importlicense.sh) and finish "Post Upgrade" process after login to "https://<fqdn>/portal/portaladmin" with no "The username you entered is not a member of this organization." problem.

0 Kudos