This article will explain how to troubleshoot and fix orphaned file permissions in Essentials Manager. Your permissions can become orphaned in a number of ways, including but not limited to:
- Running the Post installer on a system running multiple versions of Identity Server
- Migrating your secured site from one Essentials server to another
- Changing your Identity Server configuration
- Start by looking at the security tab in Essentials Manager (As of Essentials 4.5, this tab is called "Security and Data")
- Edit your Geocortex Identity Server configuration
- Make a note of the URL and make sure it is correct (If you are running a standalone version of Identity Server, and you recently ran the Post Installer, this URL could change back to the default).
- Make a note of the Issuer Seed.
Make sure that your site is not open in Essentials Manager.
- Navigate to your site folder and make a backup of your Site.xml (For the site that is showing the orphaned permissions)
- Edit the site.xml file, and search for the word "Issuer"
- You will see an XML block similar to the following:
<Permissions Inherit="True"> <Allow Type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier" ValueType="http://www.geocortex.net/security/claims/weak-identifier" Value="bill" Issuer="urn:gcx:idp:F6E6D5D0-E7D0-409C-87F5-00D86FDD241C" OriginalIssuer="https://dbriggs-ess13/geocortex/identityserver" /> <Deny Type="http://www.geocortex.net/security/claims/category/guest" Issuer="urn:gcx:guest" /> </Permissions>
- The part we are interested in is this one:
- Make a note of everything after "urn:gcx:idp:". This is the old Issuer Seed.
- Perform a find and replace in the file for all instances of the OLD issuer seed, and replace them with the NEW issuer seed. Save and close your Site.xml file.
- Now reopen the site in Manager, and check the permissions. You should no longer see any orphaned file permissions.