So we were very exited about the added functionality in Portal 10.5.1 to allow custom widgets through Web App Builder. We own two widgets from vendors that we were finally going to be able to deploy.
It is not recommended to share the custom widget item publicly. For security reasons, a public app will not load the custom widget when anonymous users access it. Further, an app will only load the custom widget that is registered in the same organization as the users who have permissions to access the app.
And then we hit this. Is there anyway to bypass this? We HAVE to be able to deploy this anonymously to the public, that is THE ENTIRE POINT OF PORTAL.
This really seems like a way just to monetize the whole ecosystem, am i supposed to buy and manage named users for all 300k citizens that my portal supports? I understand there is a security risk, but i should at least be given the decision or warned, not forbidden.
I had not seen that caution yet... Well maybe dlaw-esristaff can shed some light on this. As far a needing 300K named users that is not necessary if you establish a headless user some generic name like public with a password of public and then assign limited rights in your org and then share that info with your public users.
We have been advised that headless users are a violation of the terms of service. Have you heard otherwise?
The problem with this, regardless, is that a link would take users to the login page, and a public user would have no idea what the login was.
Robert Scheitlin, GISP Here is the link
Add custom widgets—Portal for ArcGIS | ArcGIS Enterprise
Hopefully dlaw-esristaff can chime in. this doesnt bode well for custom widget development.
I have found i can download the app and the custom widgets function normally, however this is far from ideal.
> Caution: It is not recommended to share the custom widget item publicly. For security reasons, a public app will not load the custom widget when anonymous users access it. Further, an app will only load the custom widget that is registered in the same organization as the users who have permissions to access the app.
This implementation of Web AppBuilder in Portal for ArcGIS was by design because of security concerns. While I have not personally tested, I believe you could use your 2 custom widgets with Web AppBuilder Developer Edition, and host the custom apps on your own web server. Then enable the apps for anonymous access.
I'm sorry that we don't have a better workaround. Can you please submit an enhancement on the ArcGIS Ideas site?
> We have been advised that headless users are a violation of the terms of service.
Confirming that this statement is correct. Using a headless user is a violation of the software license agreement. A named user account is assigned to a real person, like an individual's unique login.
Hope this helps,
Thanks for the clarification. For us this is really a show stopper. We bought and paid for a WAB widget from one of your Gold partners, to deploy functionality to the public through Portal. And now we can not use it in Portal.
I understand the security concerns as it does load scripts from an external site, but for even for widgets I am host on the same site, on the same domain? That should not be a security risk.
Edit - - Even downloading the app doesnt work. I apparently was still logged in. We get a message that states
"Widget is not useable, it is removed"
dlaw-esristaff This is completely unusable. Your Partners are selling widgets we cant use. This is a huge issue. There has to be something we can do.
Please try the following workflow:
0. Download and install Web AppBuilder Developer Edition. Enable the custom widget in Developer Edition.
1. Remove the custom widget from your web app in Portal for ArcGIS.
2. Download the web app from Portal for ArcGIS.
3. Import the web app into Web AppBuilder Developer Edition.
4. Add the custom widget back to the web app in Developer Edition.
Hope this helps,