How Long After Portal Is Portal 2

[Monica Okane]

AzureAD B2C's login goes through login.microsoftonline.com, as does almost every Microsoft service (O365, Azure, etc). So if you've got several accounts that you've signed in to across these services, you're accumulating cookies that will cause this problem.

This is bound to happen much more frequently to developers than end users as developers are logging in to the Azure portal with their corporate account, maybe also with a B2C admin account and then testing out their B2C-powered app with multiple logins.

In the long term, the answer will be is to allow Azure AD B2C customers to specify their own custom domain. This gives the application's B2C cookies isolation from everything else in login.microsoftonline.com. As of 2019-06-23, this feature is still under development. You can support this feature and keep track of its progress by voting for it in the Azure AD B2C feedback forum: Customer-owned domains

Limit the amount of claims you include in your token. The more attributes you include in your policy, you'll end up with longer http requests which give you less margin for cookies from other Microsoft properties

Azure AD B2C allows you to use b2clogin.com instead of login.microsoftonline.com which will reduce your substantially reduce your exposure to this issue as you'll no longer share cookies with other Microsoft services.

Just an FYI: I work on B2C team and our people are looking at this issue. This is not the first time, and in fact, we've fixed it in the past so it's possibly a regression. We'll report back as soon as we have more information.

I received multiple answers that this was because I was part of too many Active Directories. I was a part of ZERO active directories when I hit this issue. I cleared my cookies and got about two steps before this happened again. The request appears to be sending many, many microsoft cookies, azure cookies, facebook cookie, google cookies, adsense cookies, and linkedin cookies in the request, but deleting them all didn't help. I finally got through using an incognito tab.

Just a warning to all portal admins looking to run the Portal for ArcGIS Validation and Repair tool. It takes a VERY long time. Ours has been running for 4 hours so far, and it's rolled back 4 of 7 patches so far. Will update once complete.

as @AmandaDeMedeiros says, we triangulated the issue to anti-virus (windows defender) on our Azure system. We now have a policy in place to pause anti-virus during a significant patching procedure such as this one.

We are experimenting the sames issues as you rigth now. Adding exclusion doesnt seem to help... @AmandaDeMedeiros what kind of politics did you implemente on azure ? @David_Brooks I'm only able to desactivate it 20 minutes ... and we can't control when it is applied by microsoft...

What the tool is doing is identifying your patches for the broken one, and then it deletes the old patches and reapplies. If this is a production environment, I would recommend doing this during off hours. You could also check if the anti-virus is targeting ArcGIS Enterprise folders.

Exclude the following from your Anti-virus (default locations):

Thanks for these tips. We are running ArcGIS Enterprise 10.8.1 on Azure and we excluded these folders from the anti-virus while the patch remover tool and updates were running and then re-enabled after.

Took about 4-5 hours after hours to run the patch remover.

Glad I read about all of this first.

I was playing around with guest wifi and the portal authentication. I was initially getting the same blank screen. I had ACLs on the EAP denying access to RFC1918 networks (in addition to having the guest button clicked in the WLAN setting for the guest wifi). I created a pre-authentication acl allowing access to the controller's ip address (the controller is the device serving up the portal page). I also had to disable the EAP ACL (I suspect I need to modify it to allow access to the controller IP address as well. I would have thought the pre-auth acl would have taken care of that but it may be a precedence issue; hard to tell from the gui). The portal page then loaded as expected.

@aletfox Do you have any access controls rules or restrictions. between the guest network and the network that the controller sits on?Have you set the controller hostname/ IP under the controller access config ?

You can also try an open the portal in another browser once connected to the guest network. You should just be able to enter the IP address if the controller into the browser and it should redirect you to the portal page.

The site is secure.

The ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

The U.S. Government Accountability Office (GAO) in its report, Equal Employment Opportunity: Strengthening Oversight Could Improve Federal Contractor Nondiscrimination Compliance (GAO-16-750), expressed concern that "OFCCP has no process for ensuring that the tens of thousands of establishments that have signed a qualifying federal contract have developed an AAP within 120 days of the commencement of the contract, or updated it annually."

OFCCP is currently only requiring annual certification for supply and service contractors. Contractors that are only construction contractors and not also supply and service contractors are not required to certify compliance, and should not register for the portal.

Contractors can add establishments or functional/business units by following the steps in Section 3.3 "Adding Establishment(s) or Functional/Business Unit(s) Records" of the Contractor Portal User Guide.

Contractors can close each establishment or functional/business unit which should not be listed under the Parent Company. Instructions for closing establishments or functional/business units are available in Section 3.5 "Updating Facility Status: Open/Closed" of the Contractor Portal User Guide. Examples of when to close an establishment or functional/business unit include, but are not limited to, the following:

It depends on whether the establishment maintains a separate AAP. If the establishment has fewer than 50 employees and maintains an AAP only for those employees, it must be included in the Contractor Portal. See 41 CFR 60-2.1(d)(2) (describing which employees should be covered in an AAP). If the establishment has fewer than 50 employees and does not maintain an AAP only for those employees, the contractor does not need to list the establishment in the Contractor Portal.

If an establishment with fewer than 50 employees still maintains its own AAP, update the headcount to match the AAP. If an establishment has fewer than 50 employees and the contractor chooses to incorporate the employees into a different AAP per the regulations at 41 CFR 60-2.1(d)(2), edit the status from "open" to "close" and update the employee headcount to zero.

Contractors can register for the Contractor Portal by creating a Login.gov account using an email and a secure password for entry into the portal. The OFCCP Contractor Portal User Guide includes detailed instructions on the registration process.

The Contractor Portal was designed to use the contractor's EEO-1 identifier to create a company profile. This is because any contractor who meets the thresholds for having an obligation to develop and maintain an AAP(s) also meets the thresholds for filing the EEO-1 report.

Contractors who meet the thresholds for having an obligation to develop and maintain an AAP(s) and have not yet filed an EEO-1 report should contact the OFCCP Technical Support Service Helpdesk at 1-800-397-6251. Callers should press 1 for English or 2 for Spanish, then press 1 to reach technical support for assistance. The technical support team will assign temporary identifiers for the parent company and all establishments and will assist with registration.

No. Educational institutions with federal grants need not register in the Contractor Portal if they do not meet the jurisdictional thresholds to develop an AAP. General FAQ #3 provides details on these thresholds.

The Contractor Portal currently supports EEO-1 identifiers that contain up to 15 characters. Contractors whose EEO-1 identifier contains more than 15 characters should contact the OFCCP Technical Support Service Helpdesk at 1-800-397-6251. Callers should press 1 for English or 2 for Spanish, then press 1 to reach technical support for assistance with registering.

The Contractor Portal was designed to use each establishment's EEO-1 identifier for registration. Contractors who wish to add an establishment for which they have not yet been issued an EEO-1 identifier should contact the OFCCP Technical Support Service Helpdesk at 1-800-397-6251. Callers should press 1 for English or 2 for Spanish, then press 1 to reach technical support for assistance with assigning a temporary identifier for the establishment and assist with adding the establishment to the Portal.

The Multiple User Functionality allows a company to have more than one user who can register, update records, and certify establishment(s) or functional/business unit(s) for the company through the Contractor Portal. Specific steps explaining how to use this feature are outlined in the OFCCP Contractor Portal Federal Contractor User Guide found on the Contractor Portal Landing Page: OFCCP Contractor Portal U.S. Department of Labor (dol.gov)

3a8082e126