Hi, I'm new to FME. I have created a basic workspace using the Esri ArcGIS Portal Feature Service Reader and are having issues with authentication.

Question

When I select NTLM the workspace successfully runs on FME Desktop and FME Server with all features read as expected. When I select Kerberos, the workspace successfully runs on FME Desktop but not FME Server.

The following error is observed in FME Server:

“ArcGIS Portal Feature Service Reader: Using authentication ‘Kerberos’ ”

“ArcGIS Portal Feature Service Reader: Logging into ‘https://<my ArcGIS Portal host>/portal/’ as user ' ' ”

"ArcGIS Portal Feature Service Reader: Could not log into https://<my ArcGIS Portal host>/portal/sharing/rest/generateToken as user ' '. Check your credentials and try again. The error code from the server was '400' and the message was: 'Unable to generate token. 'username' must be specified, 'password' must be specified."

Ideally we would like to use a more secure authentication method than NTLM. ArcGIS Portal is not currently setup to use OAuth and I’ve attempted to use the other authentication types with no success.

Other notes:

· I am using FME Desktop/Server v2021.2.0.1

· I have created a service account for SSO which is used by the FME Server Engines service. It has been registered as an SPN for both the unqualified and fully-qualified FME Server hostname

· SSO works when logging into FME Server Web App on a different machine to the FME Server installation but not on the same machine as the FME Server installation. I’ve followed the troubleshooting article for IWA/SSO and my setup appears to be OK. I’m also aware that this is a known issue with FME Server.

· When I publish workspaces from FME Desktop to FME Server, the following error is observed: "Request to update access token failed. HTTP error: HTTP/1.1 400. Note this error is observed for all workspaces published but it doesn’t seem to cause any issues, i.e. the publish is successful and workspaces successfully run on FME Server.

· When I initially installed FME Server, I specified the unqualified and not the fully-qualified FME Server hostname - not sure if this is an issue

Please let me know if you require any additional info.

Thank you

Page 1 / 1

Hi @au.dhdbsysadmin

The simple explanation for this behavior could be that the User running your FMEEngine is not an authorized user or a LocalService account.

Please use the instructions mentioned here in the help doc "Running the FME Server System Services Under Different Accounts (Windows)"

Ensure that the account used is an authorized user for all the contents that you would like to access or at least part of the GROUP that has permission to access the feature services.

Hope this helps.

Reply

rahulsharma · Answer

Hi @au.dhdbsysadmin​The simple explanation for this behavior could be that the User running your FMEEngine is not an authorized user or a LocalService account. Please use the instructions mentioned here in the help doc "Running the FME Server System Services Under Different Accounts (Windows)"Ensure that the account used is an authorized user for all the contents that you would like to access or at least part of the GROUP that has permission to access the feature services. Hope this helps.

Reply

Community Stats

Sign up

An FME Account is required to contribute

Login to the community

An FME Account is required to contribute

Scanning file for viruses.

This file cannot be downloaded