We have the following problem within ArcGIS Enterprise:
If arcgis/rest/services/... is accessed via the webadaptor, the token generated via portal/sharing/generateToken is not considered valid. In other words an Invalid Token repsonse is returned.
We checked:
a. The token has not expired (checked and is therefore accepted by other endpoints as described above).
b. The same base URL is used when generating the token (i.e., the domain name in both instances).
Below I describe the situations where this problem surfaces in ArcGIS Enterprise in Portal and in ArcGIS Server Manager
Portal
If you have an item on the content page that isn't publicly shared (i.e., with the owner/organization), you can't view it in the map viewer.
In the developer screen of the browser, we see that the token generated by the Portal via portal/sharing/generateToken is accepted by requests to /arcgis/admin/services/….
but not by requests to /arcgis/rest/services/… response {"error":{"code":498,"message":"Invalid Token","details":[]}}
Server Manager
If you log in via https://domainname/arcgis/manager, you get logged out, because the list with services can not be shown.
In the developer screen of the browser, we see that a token is generated via portal/sharing/generateToken
this is accepted by requests to requests to arcgis/admin/…
but not by requests to /arcgis/rest/services/…. it returns an empty response followed by a revokeToken request /portal/sharing/rest/oauth2/revokeToken
If you go to the server manager via https://domainname:6443/arcgis/manager, you can see the list, and I can also click through to a service without any error.
Questions
1. Does anyone recognize this behaviour? And how did you resolve this situation?
2. What specific settings does arcgis/rest/services use to check if the token is valid? In other words:
- Which settings do we have to check / compair?
- What could cause a token generated by portal/sharing to not be accepted by arcgis/rest/services?
