Federating an ArcGIS Server site with your portal
You can optionally add an ArcGIS Server site to your portal. This provides the following benefits:
- The server and the portal share the same user store (that of the portal). This results in a convenient single sign-on experience.
- Any items you publish to the server are automatically shared on the portal.
- You can optionally allow the server to host tiled map services and feature services published by users of the portal.
When you add a server to your portal in this manner, it is said that you are federating the server with the portal. A server that has been added to your portal is a federated server.
If the server you want to federate uses web-tier authentication, you'll need to disable web-tier authentication (basic or digest) and enable anonymous access on the ArcGIS Web Adaptor configured with your site before federating it with the portal. Although it may sound counterintuitive, this is necessary so your site is free to federate with the portal and read the portal's users and roles. If your ArcGIS Server site is not already using web-tier authentication, no action is required on your part. You can continue with the steps below.
The following steps explain how to federate an ArcGIS Server site with your portal.
- By default, ArcGIS Server is configured to communicate using HTTP only. Conversely, Portal for ArcGIS uses HTTP and HTTPS for communication by default. Because some communication between the portal and the server needs to be encrypted, you must update your ArcGIS Server site to communicate through HTTPS. You can force HTTPS for all calls (HTTPS only) or allow the server to use either protocol (HTTP and HTTPS). The protocol chosen does not have to match that of the portal, except in the following scenarios:
- If you require HTTPS for all communication in your organization, you must configure ArcGIS Server and Portal for ArcGIS to communicate using HTTPS only.
- If you will be configuring the server as your portal's hosting server, the communication protocol chosen should match that of your portal. For example, if your portal is HTTPS-only, then the hosting server should be configured as HTTPS-only. If the portal supports HTTP and HTTPS, then the server protocol should be configured as HTTP and HTTPS.
For full instructions on changing the ArcGIS Server communication protocol, see the steps below:
- Open the ArcGIS Server Administrator Directory and log in as a user who has administrative permissions. The Administrator Directory URL will be formatted http://gisserver.domain.com:6080/arcgis/admin.
- Click security > config > update.
- On the Operation - update page, select one of the following from the Protocol drop-down list:
- If you require SSL for all communication in your organization, select HTTPS only.
- If you use Integrated Windows Authentication with your portal, you must select HTTPS only.
- If you do not require Secure Sockets Layer (SSL) for all communication in your organization or Integrated Windows Authentication, select HTTP and HTTPS.
- Click Update. Your ArcGIS Server site is restarted. You'll need to wait for it to restart completely before proceeding.
- Log out of the Administrator Directory.
Note:It takes Web Adaptor approximately one minute to recognize changes to the communication protocol of your site.
Legacy:In earlier versions, you were required to reconfigure ArcGIS Web Adaptor after updating the communication protocol of ArcGIS Server. At 10.2.2 and later versions, this is no longer necessary.
- Sign in to the Portal for ArcGIS website as an administrator and browse to My Organization > Edit Settings > Servers.
In this step, you must connect to the website through the Web Adaptor URL (such as https://webadaptor.domain.com/arcgis/home). Do not use the internal URL on port 7443.
- Click Add Server.
- Provide the following information:
- Server URL—The URL used by external users when accessing the ArcGIS Server site. If the site includes Web Adaptor, this URL includes the Web Adaptor address, for example, http://webadaptor.domain.com/arcgis. If your organization requires SSL for all communication, use https instead of http.
- Administration URL—The URL used for accessing ArcGIS Server when performing administrative operations on the internal network, for example, http://gisserver.domain.com:6080/arcgis. If your organization requires SSL for all communication (such as when using Integrated Windows Authentication), use https://gisserver.domain.com:6443/arcgis.
- Username—The name of the primary site administrator account that was used to initially log in to Manager and administer ArcGIS Server. If this account is disabled, you'll need to reenable it.
- Password—The password of the primary site administrator account.
- Click Add.
- Click Save to save the federated server settings.
When you attempt to federate an ArcGIS Server site with your portal, a log of the federation activity is created in the portal content directory (for example, <Portal for ArcGIS installation directory>/arcgis/portal/usr/arcgisportal/logs/webserver/portal.<date>.log). If you encounter an error during federation, it is recommended that you review the messages in this log to help you troubleshoot. You can also share this information with Esri Support, if necessary. For a full list of issues that you may encounter when federating, see Common problems and solutions.
Now that your server is federated with the portal, you will use a URL such as https://gisserver.domain.com:6443/arcgis/manager to log in to ArcGIS Server Manager. You will be required to supply the name and password of a portal administrator or publisher. There are various other differences you'll encounter when working with a federated server that you can read about in Administering a federated server.
After federating your server with the portal, you may also want to do the following:
- Import your services from the federated server—If you want all your existing ArcGIS Server services to be visible as portal items, you can import them using the federate link in the ArcGIS Server Administrator Directory. This is a one-time batch operation because now that your server is federated with the portal, subsequently published services will automatically be available as portal items.
- Configure one of your federated servers as a hosting server—This allows your portal users to publish services to the portal. They can do this from the portal website or the My Hosted Services node in the Catalog tree in ArcMap.
- Disable the primary site administrator account—This is not necessary for all sites, but it can provide an extra measure of security by forcing all users to use portal accounts and tokens.