Web Tier authentication issues

06-02-2017 04:20 AM
New Contributor III


We have arcGisServer 10.5 installed, ArcGisPortal 10.5.

We have federated ArcGisServer to Portal.

Web tier authentication has been enabled.

We have written a widget using the web app builder dev edition 2.3, exported the app out and placed it on a web server.

(When web-appbuilder dev edition connects to our portal the signinInfo.json that gets created tells me our portal uses web tier authentication !)

The exported application has been added as an Item on Portal.

The application consumes feature services we have published and appear as items in Portal, these have been secured with groups, with the correct users added to the Identity store pulled through from Active Directory. The web map, the application and the feature services have all been shared to the group I have created.

When the application loads I can see object errors in the console log of internet explorer 11 and chrome

Inspecting the network traffic I can also see tokens being appending to all requests made to the rest endpoint for the feature services. My understanding of web tier authentication, after reading Esri Documentation for this topic (!!) is that tokens should not be used. I only say this as if I physically go to the rest endpoint for the feature service and then go back to the application, I seen no Token errors in the console and the requests made to the rest endpoints contain no tokens.

Does anyone know if we have a configuration error with our Portal and AGS federation ?

An application we have built with the Portal web app builder, that consumes a group secured map service also displays this behaviour.

Anyone else experienced this issue ?

I have also posted this question on the developer forum.

2 Replies
Occasional Contributor III

Any clarification on this. I am running into similar issues.

0 Kudos
New Contributor III


I came to the conclusion that it was a fault with the underlying code, that generates the token error and a confusing description of how IWA in portal on ESRI incs website.

A token gets generated after the errors if you watch the network traffic, which then gets appended to all requests to all map services that have been secured with IWA.

I came to the conclusion that this is just the way it works.

For the apps I have put together using the Web App Builder I modified code in tokenUtils.js to generate a long lived token, as I had issues in generating a new tokens when they expired. This uses WAB 2.2

Sorry not a great deal of help !