POST
|
Hi Jon, The Raster Analytics role handles image hosting as well so there is no need to assign that server to Image Hosting explicitly in the Portal. The option for Image Hosting Server is still available on that page in case you wanted to set a separate ArcGIS Image Server as the explicit Image Hosting server. -Danny
... View more
03-04-2020
02:05 PM
|
2
|
0
|
432
|
IDEA
|
It's worth noting that this error message could also point to a misconfiguration in the SAML IdP. That error essentially means the IdP successfully authenticated the user, but is not authorized or configured to release the user attributes to the service provider for that particular user, but still returns a successful SAML response. It may be possible for ADFS to provide a message to the users after they authenticate informing them they are not authorized to use the ArcGIS Online service provider. -Danny
... View more
09-12-2019
11:04 AM
|
0
|
0
|
505
|
POST
|
Matiur, Can you confirm that you have the box checked under your organization's Settings > Security > Social Logins > Configure. If you are not able to do this, try to change your active Portal in ArcGIS Pro to https://www.arcgis.com, you should see the option to sign in with your Google account then and if that account is a member of the organization in question, you should have access to it at this point. -Danny
... View more
07-16-2019
08:59 AM
|
2
|
1
|
2040
|
POST
|
Hello Phillipe, Can you confirm that you have a default user type and role set in your Organization Settings > Member Roles tab? It's possible that this was set incorrectly or your licensing was changed since that was set, causing the error you reported. If the Default role for new members had been previously set to a custom role that no longer exists, you will want to update the default to an existing one. -Danny
... View more
07-12-2019
04:35 PM
|
0
|
0
|
898
|
POST
|
Bill, Glad to hear that is working for you! Regarding the role assignment to new SAML users based on group membership (in Active Directory), to my knowledge there is no way to configure this although it would definitely be a great enhancement! I would highly recommend logging a suggestion here in GeoNet or opening a case with Esri Support Services to get that enhancement logged. If you are using ArcGIS Enterprise 10.7, you might have some luck using the new webhooks functionality, which can be set up to trigger a script to update the user's role when a new user is added. Not the simplest solution but if you are dealing with a huge amount of SAML-based users it might save you some time. -Danny
... View more
06-12-2019
01:18 PM
|
2
|
1
|
10767
|
POST
|
Bill, The Issuance Transform Rules simply tell AD FS which attributes to release upon successful authentication. If you want to limit who AD FS sends out the attributes to, you will want to set up an Issuance Authorization Rule instead. Strangely in your screenshot I don't see the 'Issuance Authorization Rules' tab at the top of the window. What version of AD FS are you using (or what version of Windows is AD FS on)? If you click on the Relying Party Trust for your AGOL Org and click 'Edit Claim Rules..." on the right, you should get a window like the screenshot below. In the Issuance Authorization Rules tab, you will want to remove the default rule ("Permit Access to All Users") and add one under the "Permit or Deny Users Based on an Incoming Claim" template: Select "Group SID" under Incoming claim type, then click Browse and enter the names of the groups you want to allow access: I hope this information is helpful! -Danny
... View more
06-11-2019
09:09 AM
|
2
|
3
|
10766
|
POST
|
Bill, The error you are getting is most likely the result of ADFS renewing it's signing/encryption SSL certificates, thus ArcGIS Online is not able to validate the signature on the SAML response with the certificate value it has on record. You can confirm if this is the case by looking at the x509certificate value nested in the Signature element of the SAML response and seeing if it matches the certificate value contained in the "Edit Identity Provider" settings in your ArcGIS Online organization (Organization > Settings > Security > Edit Identity Provider). If it does not match, you can update the Edit Identity Provider settings with the value contained in the SAML response. Another way to potentially fix this would be to reconfigure the identity provider options in your ArcGIS Online organization. You will need to get a new copy of the federationmetadata.xml file from your ADFS (which should contain the new SSL certificate values) and upload that to your AGOL organization (see https://doc.arcgis.com/en/arcgis-online/reference/configure-adfs.htm). Let me know if this does the trick! -Danny
... View more
06-10-2019
12:47 PM
|
6
|
7
|
10767
|
POST
|
Bill, I would confirm with your ADFS administrators that you are passing User-Principal-Name as NameID and not sAMAccountname within the Claims Attributes Rules in ADFS for the relying party trust you set up for your ArcGIS Online organization. The User-Principal-Name (or UPN) typically is in the user@domain whereas sAMAccountname is usually just the username, so it looks as if the attribute was changed in your claims attributes rules. -Danny
... View more
06-10-2019
11:26 AM
|
0
|
0
|
10767
|
POST
|
Adolfo, Your ArcGIS Server URL in the screenshot has port 7443, which is the incorrect port. ArcGIS Server uses port 6443. -Danny
... View more
05-29-2019
03:56 PM
|
0
|
0
|
955
|
POST
|
Sean, The 1618 error code, in my experience, can be triggered if Windows updates are taking place, so you might check that too. If you have not done so already, I recommend rebooting the machine too, as there may have been another installation that got hung but is causing Windows to block other installations from taking place. Also check with your IT department, as they may have automated updates pushed out to your machine that were in the process of installing when you tried to install Pro. -Danny
... View more
03-27-2019
02:07 PM
|
2
|
2
|
1265
|
POST
|
Todd, thank you for pointing that out. I have edited my answer to help others who run into this. -Danny
... View more
03-27-2019
09:37 AM
|
0
|
0
|
662
|
POST
|
Todd, There is a way to toggle that setting through the /sharing/rest endpoint of your portal: 1. Navigate to your Portal's sharing endpoint: https://yourserver.yourdomain.com/yourwebadaptor/sharing/rest and log in with the built-in administrator account ("Login" link at top right) 2. Click on the Home link (top left) and then navigate to Portals > Self, then at the bottom of this page click Update under Supported Operations 3. You should see an option called "Can SignIn Using ArcGIS", set that to True, then at the bottom of the page click "Update Organization" Edit: If you have disabled browsing to the /sharing/rest endpoint of your Portal you will need to reenable it to get through the above steps. This can be done by signing in to the /portaladmin endpoint and navigating to Security > Config > Update and set "disableServicesDirectory" to true. This will add back the "ArcGIS" button on the login screen for the Portal Home endpoint. I hope this helps! -Danny
... View more
03-26-2019
09:05 AM
|
0
|
2
|
662
|
POST
|
Xi, You should see the docker images listed on my.esri.com by going to Downloads > ArcGIS Enterprise. There are two available: ArcGIS Notebook Python Container Image (Standard) ArcGIS Notebook Python Container Image (Advanced) -Danny
... View more
03-25-2019
04:38 PM
|
0
|
0
|
519
|
POST
|
Todd, A new administrator account can be created using a command line tool provided in the Portal installation path. Please see the following documentation on how to do this: http://enterprise.arcgis.com/en/portal/10.6/administer/windows/recovering-the-portal-when-no-administrator-accounts-are-available.htm You can then sign in with this account and change any settings if you need to. I always recommend keeping this built-in account around in case you run into issues with signing in with SAML-based accounts. -Danny
... View more
03-25-2019
04:17 PM
|
0
|
4
|
662
|
POST
|
Hello Reid, Are you running the command prompt as an administrator? If you right-click on the command prompt icon or button on the task bar and select "Run as Administrator", then try the command again, does that resolve the issue? -Danny
... View more
03-22-2019
04:37 PM
|
2
|
5
|
1405
|
Title | Kudos | Posted |
---|---|---|
1 | 01-11-2017 05:55 PM | |
1 | 06-11-2015 02:28 PM | |
1 | 06-30-2015 08:57 AM | |
1 | 06-17-2015 01:06 PM | |
2 | 03-22-2019 04:37 PM |
Online Status |
Offline
|
Date Last Visited |
11-11-2020
02:24 AM
|