Community
Select to view content in your preferred language

store credentials in AGOL, access in Collector

10419
28
01-15-2015 01:52 PM
danbecker
by
Regular Contributor
‎01-15-2015 01:52 PM

Very simple question, I would like to know if anyone has success taking a webmap offline in Collect that contains a feature service with stored credentials?

1. publish a feature service on your 10.2.2+ server, make sure to enable Sync in the feature service capabilities.

2. secure it with "traditional" GIS-tier authentication (ArcGIS Server built-in username/password) that uses tokens

3. Login to your organizational ArcGIS.com account

4. In 1 of the folders under "my content", click add item / from the web

5. Enter the REST endpoint URL to your feature service, then hit Tab key

6. Enter valid credentials to access the service

7. make sure to select "Store credentials with service item. Do not prompt for authentication"

8. Enter name, tags, ect... then Add Item

9. If login box pops up, enter valid service credentials again.

10. Add this item to a new webmap and save webmap as TEST

11. Share both the feature service item and webmap with a group or your orginization

12. Login to your organization using Collector for ArcGIS

13. click the cloud download button on the TEST webmap you saved in step #10

During the map download in Collector, do you get an error? My testing says YES.

Why? Because you have credentials stored with the item you added to ArcGIS Online.

Follow exact same workflow, but this time, on step #7 select "Do not store credentials with service item. Prompt for authentication everytime."

During the map download in Collector, do you get an error? My testing says NO. Because credentials are not stored with the feature service item.

Tags (2)
28 Replies
DanielSmith
by
Occasional Contributor III
‎04-15-2015 03:55 PM

Same here. We add the service at the top level as well.

0 Kudos
danbecker
by
Regular Contributor
‎04-15-2015 03:48 PM

I think AGOL can req. Tokens fine, it works when creds. Aren't stored.

I think its cert. Related or in the way AGOL used or accesses the creds.

Do you by chance have a wildcard cert? I.e. *.yourdomain.com in the CN field??

0 Kudos
DanielSmith
by
Occasional Contributor III
‎04-15-2015 04:00 PM

No. But I will double check.

EDIT: Confirmed no wildcard cert

0 Kudos
DeniseKing1
by
New Contributor
‎04-16-2015 01:04 PM

Dan and Daniel,

Please email me (dking@esri.com) so that I can help you submit a support case and aide in resolving this issue. Apps Group wants to diagnose the issue as we have successfully used the Collector app using ArcGIS Serer built-in user token security in the past.

Thank you,

Denise

Technical Lead - Apps/Mobile

Esri Support Services

0 Kudos
NicolasGIS
by
Regular Contributor
‎08-03-2015 08:57 AM

Exactly the same problem with :

     - ArcGIS server 10.3.1

     - HTTPS only

     - GIS-tier authentication

     - Feature service with sync enabled

I cannot download the map if credentials are stored in the feature layer but it works if they are not stored.

When credentials are stored, it is important to notice that I can see layers in Collector but not download them.

The error message in Collector is :

"The requested URL was not found on this server".

When checking the feature properties, URL of the layer follows the following pattern :

https://utility.arcgis.com/usrsvcs/servers/......someId...../rest/services/folderName/ServiceName/Fe...

and I have also an error 403 :

You do not have permissions to access this resource or perform this operation.

Any progress since April ?

Cheers,

Nicolas

0 Kudos
danbecker
by
Regular Contributor
‎08-03-2015 09:29 AM

In working with ESRI support to diagnose the problem, I was advised to disable security for virtual directories via the server admin endpoint. Security/Config/Update, uncheck virtural directories security enabled.

Then you can store credentials with service item in AGOL and it will work with Collector.

Since I am unaware of how this effects overall security of the service, I opted to leave the feature enabled, and simply advise our field staff to login when prompted. It was relatively easy to create a new ArcGIS Server username/pw to have the same credentials as their AGOL named user account.

0 Kudos
DanielSmith
by
Occasional Contributor III
‎08-03-2015 09:35 AM

At least the severity has been bumped to High and it appears to be Open and Assigned. Wonder if we'll have to wait for 10.3.2 to patch the security hole or if a hot fix/patch will be released.

0 Kudos
NicolasGIS
by
Regular Contributor
‎08-03-2015 11:37 PM

Thanks for your answers and for the bug report.

Indeed, it works for me as well when security for virtual directories is disabled. But it is taking a longer time than usual.

Though, I still have the 403 error when getting the URL written is the map layers item.

Good to know that they are working on it.

0 Kudos