Failed access to Portal for ArcGIS using a LDAP or Active Directory identity store

Description

Using enterprise identity stores (such as a Lightweight Directory Access Protocol [LDAP] or Active Directory) to authenticate Portal for ArcGIS 10.2 fails to function.

Cause

The account used to authenticate against the enterprise identity store (Windows Domain/LDAP) is no longer valid, or the account’s password has been modified.

Solution or Workaround

1. Stop running Portal for ArcGIS.
2. In the appropriate drive, navigate to the ArcGIS > Portal > etc > portal-config.properties file. Open the file with a text editor.
3. Edit the appropriate section of the portal-config.properties file:
   
   
   For LDAP
   - Edit lines 65 and 66 in the portal-config.properties file to reflect the correct LDAP user attributes and password for an account with read access to the LDAP database.
   - Edit line 67 to change the idp.userpassword.encrypted flag to ‘false’ (no quotes).
   
   For Windows/Active Directory
   - Edit lines 75 and 76 in the portal-config.properties file to reflect the correct user name and password for an account with read access to the Windows identity store.
   - Edit line 79 to change the idp.userpassword.encrypted flag to ‘false’ (no quotes).
   
   
   
4. Restart Portal for ArcGIS.
5. Verify users can access Portal for ArcGIS 10.2 using enterprise credentials.
6. Once Portal for ArcGIS is restarted, the passwords for the user accounts used to read the identity store become encrypted.