+ Reply to Thread
Results 1 to 11 of 11

Thread: ArcGIS for Server 10.1 - Mixed Mode Authentication

  1. #1
    Jose Sousa
    Join Date
    Feb 2010
    Posts
    175
    Points
    2
    Answers Provided
    0


    0

    Question ArcGIS for Server 10.1 - Mixed Mode Authentication

    Hi,

    Is it possible to configure mixed-mode authentication in ArcGIS for Server 10.1? If so can you guys point me to the right direction, link?
    Furthermore, I only want to restrict one AGS folder. All others should be available to everyone. I am verifying that this is not possible. In previous versions it was possible to create a new instance of AGS and have a different security model for that one to accomplish this. How does this work now?

    Thanks,
    José

  2. #2
    Bubba Hey
    Join Date
    Jul 2012
    Posts
    603
    Points
    146
    Answers Provided
    17


    0

    Default Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    There is no setting in Server Manager > Security for this, but I believe ArcSDE requires it. For more info, see:

    http://resources.arcgis.com/en/help/...000004mw000000

    http://resources.arcgis.com/en/help/...00000004000000

  3. #3
    Jose Sousa
    Join Date
    Feb 2010
    Posts
    175
    Points
    2
    Answers Provided
    0


    0

    Question Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    Libraries required to communicate with an enterprise geodatabase are now part of ArcGIS Desktop and as always happened before SQL Server Mixed-Mode can be used but is not mandatory. Depends on what authentication scheme you are using.

    Question is about ArcGIS for Server not ArcSDE. I believe that it is not possible to support mixed-mode authentication in Server 10.1 Manager. Not sure if this can be achieved by including another adapter into the configuration by editing some files. There isn't enough documentation about this.

    Can Esri Inc. provide some lights on this?

    Thanks,
    José

  4. #4
    Bubba Hey
    Join Date
    Jul 2012
    Posts
    603
    Points
    146
    Answers Provided
    17


    0

    Default Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    Not finding much. There's this link: http://resources.arcgis.com/en/help/...000005qz000000

  5. #5
    Ismael Chivite
    Join Date
    Feb 2010
    Posts
    46
    Points
    40
    Answers Provided
    7


    0

    Default Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    Hi,

    if you want to make all services in your server public, except those within a particular folder, do the following:

    -Open ArcGIS Server Manager and log with Administrative privileges
    -Click on the locker icon sitting by the name of the folder you want to make private
    -Select the roles that you want to have access to that folder (you may need to create the roles first, or configure your identity store)
    -Go into the Services Directory to make sure that the folder does no longer show for 'anonymous' users.
    -Use the login link in the top-right corner of Services Directory to make sure that users form the role/s you define actually have access to the services in that particular role.

    The trick is that ArcGIS 10.1 for Server always has security enabled (as opposed to previous versions). By default we make all services public, meaning that anyone can access them, but you can easily make them private at any time.

    Ismael

  6. #6
    Jose Sousa
    Join Date
    Feb 2010
    Posts
    175
    Points
    2
    Answers Provided
    0


    0

    Question Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    Hi Ismael,

    Thanks for your attention.
    Yes. I already knew that the services had security enabled by default as you have said that in Dev Summit.

    I have configured AGS to use AD authentication (web tier). At that moment I am expecting all services to remain public. Then I went to a folder named "Secured" and applied a role with permissions to access that folder. When I tried to access the root rest endpoint I noticed it wasn't displaying any services (services inside secured where working though). I logged in again into Manager and noticed ALL folders and root were secured, but unlike the "Secured" folder they didn't had any role associated. Not sure whether this was applied at the moment I have defined AD authentication or when I have applied the role to the "Secured" folder.

    When clicking the locker icon at the root folder I have noticed that I cannot change the security to public. It has that option blocked for some reason. So it is private and can only be accessed if I define a role. Same for all other folders...

    If I go to each folder and services and try to change the security of each to public I see it doesn't allow. It only let's me apply a role from AD to the service/folder.

    This means that ALL services/folders are using AD (not just the ones inside the Secured Folder). Not sure this was intended by you. But it seems odd to me.

    Is there any way of unlocking this manually? Furthermore, can you provide me details on how to support mixed-mode authentication? As you know we could create in previous versions 2 instances one pointing to AD and another one pointing to some other scheme ... what is the new way of implementing this in case that is possible?

    Thanks,
    José Sousa
    Esri NZ

  7. #7
    Ismael Chivite
    Join Date
    Feb 2010
    Posts
    46
    Points
    40
    Answers Provided
    7


    1

    Default Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    Hi Jose,

    on the first issue, where setting Active Directory for your Identity Store with web tier authentication will prevent you from making services public, we will address this in Service Pack 1.

    on the second issue, where you want to set two identity stores (say Windows Active Directory for internal use and Built-in or a custom store for external use for example), we are still looking into this. At this point, a site can only be configured with one identity store.

    I hope the above clarifies your questions. Do not hesitate on contacting me directly if you want further details.

    Ismael

  8. #8
    Jose Sousa
    Join Date
    Feb 2010
    Posts
    175
    Points
    2
    Answers Provided
    0


    0

    Thumbs up Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    Hi Ismael,

    Thanks a lot for your clarification. I will change to GIS Server Authentication for the moment.

    Cheers,
    José

  9. #9
    Tony Gegner
    Join Date
    Nov 2011
    Posts
    18
    Points
    1
    Answers Provided
    1


    0

    Default Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    Hi Ismael,

    Quote Originally Posted by Ismael View Post
    on the first issue, where setting Active Directory for your Identity Store with web tier authentication will prevent you from making services public, we will address this in Service Pack 1.
    This is still an issue, has this been fixed in 10.2?

  10. #10
    Tony Gegner
    Join Date
    Nov 2011
    Posts
    18
    Points
    1
    Answers Provided
    1


    0

    Default Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    on the first issue, where setting Active Directory for your Identity Store with web tier authentication will prevent you from making services public, we will address this in Service Pack 1.
    It's fixed in 10.2.

  11. #11
    harley powers parks
    Join Date
    Apr 2010
    Posts
    33
    Points
    0
    Answers Provided
    5


    0

    Default Re: ArcGIS for Server 10.1 - Mixed Mode Authentication

    Quote Originally Posted by toge View Post
    It's fixed in 10.2.
    looking at 10.2 now, and it looks like it may have some issues.

    directions call for creating 2 web adaptor applications, one for public, the other for private access.

    the later is supposed to be web-tier single sign on configurable but not much luck here in 10.2.

    I have 10.1 using ldap and CAMS, so single sign-on works... but this capability in the web adaptor is broken in 10.2.

    specifically, special characters in user name fails to login, and successful login does not make it past the progress bar.

    in 10.1 this was fixed:ArcGIS-101SP1-S-SSSC-Patch.msp

    but the issue is more involved than that in 10.2 when configured for single sign-on, i get not authorized page, and services show just the public authorized web services.

    no-joy.
    "Empire loves their damn lists!" Ralof of Sky Rim.

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts