Using IWA with javascript application hosted on server that is not used by ArcGIS Enterprise

07-22-2021 10:21 AM
MVP Regular Contributor


For some reason I think this should be more straight forward.  What we need to do is access a secure service on our ArcGIS Enterprise installation from a map built using the javascript API.

If I host the web application on the same server as the ArcGIS Enterprise installation, everything works without any issue.  Do not even have to do anything with IdentityManager.  Looking at fiddler I can see that the requests are challenged with a 401 response and then another call is made passing in the required Negotiate security header.

However, this is no longer the case when hosting the application on a different web server, also within the same domain.  Looking at fiddler in this case the same initial 401 response, however, in these cases (I have tried a number of servers) the follow-up request with the Negotiate header is never sent.

I have tried too many things to even describe basically following numerous examples of how one would use IdentityManager to request credentials.

These all take the general form of

    const server = portalUrl + '/sharing/rest';
    const tokenServiceUrl = server + '/generateToken';

    const serverInfo = {

    const userInfo = {

    esriId.generateToken(serverInfo, userInfo).then((tokenInfo) => {
        esriId.registerToken({tokenInfo, server})
    }, (error) => {
    }).catch(() => {

In this case what is observed is that the request to the generateToken endpoint returns a 401 response but again the follow-up request with the Negotiate header is never sent.

I am at my wits end.  Hosting the web application on the ArcGIS Enterprise server in our production environment is likely not possible so we need a way to do from a separate server 


Tags (2)
0 Kudos
2 Replies
MVP Regular Contributor

So has no one ever done this (successfully)?


Is there anyone at esri that has insight to this issue?






0 Kudos
Esri Regular Contributor

@JoeHershman on the surface this sounds like a configuration issue within your environment. Can you open a support ticket? They can review your configuration in detail, there could be quite a few variables in play that are best investigated in a one-on-one support setting.

0 Kudos