topic Re: Prevent Authentication type dialog in a OAUTH2 context to popup in ArcGIS JavaScript Maps SDK Questions

Prevent Authentication type dialog in a OAUTH2 context to popup

ChristopheS — Fri, 23 Aug 2024 14:36:05 GMT

Hi all,

We have configured an OpenId Connect (OIDC) with our ADFS, on our 11.2 Arcgis Portal. Authentication works but, even though we have already logged in on our OIDC (which should allow all identity Apps defined in ID manager), our Arcgis JavaScript (jsAPI 4.26) application is still prompting user with a dialog that says "keycloak wants to access account information from Siveco Arcgis portal 11.2".

(Keycloak is the AppID in Arcgis Portal that is protected with OAUTH2).

This dialog pops up ones the first time we open the App, but it should never popup because we are already authenticated.

Note that this dialog does not seem to be the one that reacts on event IdentityManager.on('dialog-create', () => {IdentityManager.dialog.open = false; .....}.

We also noticed that when we click on the button OIDC it displays straightaway the secured layers in the map and we noticed at this point that in web browser local storage, a token-cookie with the user we have connected with is created.

Is there a way to prevent this useless dialog ? This may be done in Arcgis Server Portal configuration, or in our Javascript App with Esri JsAPI ?

Regards

Chris

ps. In JavaScript we use this kind of authentication sequence:

//1-First step to create an OAuthInfo object and register it with the IdentityManager. let info = new OAuthInfo( { appId: gisServerOpenId.client_id, portalUrl: gisServerOpenId.serverUrl, popup: false }); IdentityManager.registerOAuthInfos([info]); //2-Next, check if the user is signed in. await IdentityManager.checkSignInStatus(info.portalUrl + "/sharing").then(function (evt) { // }) .catch(function (err) { console.log(err); }); //3-Once signed in, retrieve the credentials. IdentityManager.getCredential(info.portalUrl + "/sharing");

Re: Prevent Authentication type dialog in a OAUTH2 context to popup

ChristopheS — Wed, 11 Sep 2024 08:05:34 GMT

Any clues on that issue ?

It is quit strange that while OpenId has been introduced in 11.2 Arcgis Server, no one has been using it yet, moreover no ESRI developer is aware if this ?

Re: Prevent Authentication type dialog in a OAUTH2 context to popup

AshishBoban1 — Fri, 27 Sep 2024 15:10:56 GMT

Hi @ChristopheS,

Can you try to add "esriConfig" module in the application as follows:

require([
"esri/config"
], function(esriConfig) {

// Set the hostname to the on-premises portal
esriConfig.portalUrl = ""; //enter the portalURL

I believe this should give the "Allow" prompt instead of credentials prompt.

Re: Prevent Authentication type dialog in a OAUTH2 context to popup

ChristopheS — Fri, 27 Sep 2024 15:58:39 GMT

Hi @AshishBoban1 ,

Effectively, esriConfig.portalUrl is equal to "https://www.arcgis.com" by default.

If I set it to our Arcgis portal which looks like "https://geoloc.siveco.gr/portal" like this, we have:

esriConfig.portalUrl = portalUrl; identityManager.registerOAuthInfos([info]); identityManager.getCredential(info.portalUrl + "/sharing");

.. we still have the dialog popup, unfortunately.

Re: Prevent Authentication type dialog in a OAUTH2 context to popup

AshishBoban1 — Fri, 27 Sep 2024 18:55:30 GMT

Hi @ChristopheS,

Please check if esriConfig.portalUrl = "https://geoloc.siveco.gr/portal" is as same as the value provided in the portalUrl parameter of OAuthInfo class (gisServerOpenId.serverUrl). The portalUrl should be same at both the locations.

Re: Prevent Authentication type dialog in a OAUTH2 context to popup

ChristopheS — Mon, 30 Sep 2024 09:52:16 GMT

Hi @AshishBoban1 ,

Yes it is, code looks like this :

let portalUrl = gisServerOpenId.serverUrl;//"https://geoloc.siveco.gr/portal", let info = new OAuthInfo( { appId: gisServerOpenId.client_id, portalUrl: portalUrl, popup: false }); EsriConfig.portalUrl = portalUrl; IdentityManager.registerOAuthInfos([info]); IdentityManager.getCredential(info.portalUrl + "/sharing");