arcgis portal SAML vs IWA

Permanently deleted user

12 November 2018 05:04

We are setting up ArcGIS portal and planning to federate geocortex with it.  Esri told us there are 2 ways for SSO,  SAML and IWA. does this affect Geocortex setup? which one should we choose? 

 

Another question is, after geocortex is federated with protal, will we be able to use a secured feature services ?

0

• 

  Permanently deleted user

  24 November 2018 00:01

  Hi Zhijie,

   

  You should use SAML to provide the best experience for your users.  When integrated with Portal, Essentials uses the access token obtained during the sign-in to determine user information for the signed-in users.

   

  If you use Integrated Windows authentication, then the web adaptor will authenticate Essentials as Essentials and will reject our request to get more information using the user token obtained by the sign-in.  That's why we require anonymous access enabled, which will not allow single sign-on.

   

  When using SAML configuration, we are able to perform the query without it being rejected.

   

  After Geocortex is registered with your portal, you will be able to use feature services that are secured in your Portal.

   

  Regards,

   

  -Malcolm

  0
• 

  Permanently deleted user

  09 December 2018 22:50

  Thank you Malcolm,  

   

  My client doesn't have SAML at the moment,  is there a way to get the federation work with  Integrated Windows authentication ? 

   

  I read an arcticl about config geocortex to use Portal directly (instead of go through web adaptor) , do you think that is a good approch?

   

  is there other way you can think of ?  you mentioned "then the web adaptor will authenticate Essentials as Essentials and will reject our request", is it possbile to 

   

  conifgure web adapator(or IIS) to allow the request? 

   

  Many thanks

   

  Shen

   

   

   

   

  0
• 

  Permanently deleted user

  10 December 2018 20:53

  Hi Shen,

   

  When anonymous access is disabled, then currently our only supported way to connect to an Integrated Windows-secured Portal is by connecting directly to the port (bypassing the web adaptor).  This method will not give you a single sign on experience, the user will need to enter their credentials when signing in to the Portal.

   

  To get single-sign-on, you must delegate the sign-on with SAML so that we can connect to Portal without signing in.

   

  It is technically possible to configure the web adaptor application to remove the integrated windows authentication and allow us to send your credentials when making a service request, but we are still investigating how we might want to do this.  The web adaptor is outside of our software so we must be careful when choosing the appropriate method and location to insert the code.

   

  Regards,

   

  -Malcolm

  0

Du måste logga in om du vill lämna en kommentar.