I have a puzzle. Any thoughts or ides on what the cause could be would be greatly appreciated.
Our setup is URL<->F5<->Web adaptor<->ArcGIS
Our server is only over Https. This issue existed when it was both http & https, so that is not the issue.
I can generate a token on localhost, append the token and presto-change the token works over and over no issues.
I can generate a token through web adaptor to and presto-change the token works over and over no issues.
When I generate a token through the F5, I can but when I try and use the token I am brought to the login page.
I have identified that this an F5 issue. Since using localhost bypasses the F5, and using web adaptor bypasses the F5. But I don't know why this might happen. F5 is bridged 443 to 443, and has a 80 to 443 redirect. There is a signed certificate and the connections all work. It's just the tokens that do not.
Solved! Go to Solution.
More to the puzzle if I generate a token this way https://domain/arcgis/tokens?request=gettoken&username=username&password=password&http://domain
and append it I am not redirected and the token works as expected...
But if I generate a token via the GUI off the rest services home then I am redirected....
My guess is that you need to set the webContextUrl to reference the F5. That or the x-forwarded-host. Sounds like ArcGIS Server isn't matching the referrer, causing the token to be considered invalid.
Thanks for your reply. I think you are right. I tried the webContextUrl, I also added the proxy files from here https://github.com/Esri/resource-proxy and configured those. I've done a bunch of other steps and still I am redirected but only if I come in through Get Token off the ArcGIS Rest Services home.
Solved by removing SNAT off the F5 configurations.
This is an older thread. I just came across it and it applies to what we just completed. We also setup a F5 load balancer design. After putting it together we decided to drop the web adapters out. Spoke with ESRI about it and they said that is a good approach. What is the reason you are using them? Are you using web tier authentication? We are not and only saw that as the main reason to include that as an extra layer.
Interested on why you chose to keep them.