Select to view content in your preferred language

Invalid token

10318
6
Jump to solution
08-29-2018 11:58 PM
MarkTurnbull
Regular Contributor

I have ArcGIS Enterprise 10.5.1 set up in a customer's environment.Their ArcGIS Server is Federated to Portal. Their environment consists of:

  • Web Server - hosting 
    • Portal for ArcGIS
    • Portal Web Adaptor in IIS
    • ArcGIS Web Adaptor in IIS
  • App Server - hosting
    • ArcGIS Server
  • Database Server (SQL Server)

They have Web Tier Authentication activated and map services are shared to groups within Portal.

When my token has timed out, if I try to access a webmap through portal's map viewer it fails to authenticate and I get invalid token messages in my browser console and in the Server logs.

If I access the service directory as the same user via the arcgis web adaptor, I find that I need to click the login link and this seems to generate a valid token, that will then allow my webmap to work in the map viewer (or any other web app), until the token times out again.

Can anyone explain why this is happening?

The web server does have an alias to the hostname, but AFAIK everything has been set up on the web server using that alias (not the actual internal hostname). The alias is in a different domain to the internal server name. Don't know if this infomation is relevant but I've included it in case it is.

1 Solution

Accepted Solutions
MarkTurnbull
Regular Contributor

Thanks for your reply Ellen.

I did however find the solution to my problem. I needed to install Portal for ArcGIS Security 2018 Update 1 Patch.

This solved the problem.

View solution in original post

6 Replies
EllenNodwell_IntegraShare
Frequent Contributor

Dumb question I am asking here:  have you gone here About ArcGIS tokens—ArcGIS Server Administration (Windows) | ArcGIS Enterprise and looked at the time-out settings for your short-lived and long-lived tokens in ArcGIS Server? 

We had to adjust ours short-lived and long-lived lifespan values to cope with this issue, especially after we implemented the ADFS OAuth2 on our servers; the users sign-in through Portal and after we did this, we had to understand the time-out values settings again - tweaking it so that we did not have these short-lived tokens causing issues.  

If you read that topic in that link above, and the sub-topics under that ArcGIS token-based authentication - it may give you better insight into what is going on with your particular situation.  Lots of moving parts to orchestrate depending on your security set-up. 

Our AZURE system administrator contacted Esri Support and got some good guidance from them on this, real-time.

Anyhow, hope this helps.

0 Kudos
MarkTurnbull
Regular Contributor

Thanks for your reply Ellen.

I did however find the solution to my problem. I needed to install Portal for ArcGIS Security 2018 Update 1 Patch.

This solved the problem.

JacobDeuel
Emerging Contributor

Hey Mark, 

I am currently running 10.6.1 and I am getting a bunch of errors related to tokens.  Everything still works but it is super slow.  Is there a patch like this for version 10.6.1?

Server machine 'https://URL:7443/arcgis/sharing/rest/community/self' returned an error. 'Invalid token.'

 

0 Kudos
JonathanQuinn
Esri Notable Contributor

Is that entry logged under DEBUG? If so, it can be ignored. We're working on cleaning up those types of messages.

0 Kudos
JacobDeuel
Emerging Contributor

Under Warning

MelanieWawryk
Frequent Contributor

Any chance you could get rid of the Type of Layer: 'Name of group' is 'Group Layer', which is not supported. It really clogs up the logs

0 Kudos