Community
Select to view content in your preferred language

Application Times-out and requests user's credentials

5410
26
04-15-2022 11:17 AM
AlejandroMari1
by
Frequent Contributor
‎04-15-2022 11:17 AM

We have an ExB application running on top for ArcGIS Enterprise 10.9.0. AGS enterprise is using Integrated Windows authentication to authenticate users and Single Sign On is enabled (users never enter their credentials). 

The application works fine, however after 30 minutes or so, they authentication seems to "timeout" and the user gets a message saying "Please sign in to access the item" (see below). You can't put your credentials here since the system is using IWA, so the only way to continue using the app is to reload the full app and start over again.

SignInScreen.PNG

 

I thought it might be due to inactivity, but it's not. I even added a component that will make a query to Portal every minute to see if this will keep it alive, but didn't work.

Any thoughts on this? 

Thanks!

Alejandro

26 Replies
QuantitativeFuturist
by
Frequent Contributor
‎06-10-2024 09:47 AM

@ClangDevGuy please can you provide some information to this thread? @John_Tyll he'll have something for you soon. apologies for the tease, I know how frustrating esri bugs can be!

ClangDevGuy
by
Regular Contributor
‎06-10-2024 11:46 AM

Oh boy, I am not sure this will be a guarantee fix for everyone, but I can go through my journey that may be of some help, keeping in mind that “your mileage may vary”.  

Environment setup:

  • ArcGIS Enterprise 11.2
  • ExB Dev edition 1.13 -> Deployed on Azure Static Web Apps
  • Azure AD for SSO
  1. Checking the portal expiry from the ArcGIS Portal: https://enterprise.arcgis.com/en/portal/latest/administer/windows/specify-the-default-token-expirati.... Ours is set as -1 which means it’s the max of two weeks:ClangDevGuy_0-1718044836524.png
  2. Check the ArcGIS server tokens here: https://enterprise.arcgis.com/en/server/latest/administer/windows/editing-token-settings-in-manager..... There are short-live and Long-lived tokens, just be careful to not go too long of a lifespan but it could be causing timeouts if an expiring date is not being provided from the ExB/Javascript code.
  3. We currently have our CORS policy empty in arcigs portal settings to accept all domains (as in its just blank): https://enterprise.arcgis.com/en/portal/latest/administer/windows/restrict-cross-domain-requests-to-...
  4. I was ignoring the “cannot register the service worker” warning that was in the developer console when first accessing the app, but I resolved that due to a trailing slash (“/”) problem in URL and how the app was deployed in Azure Static Web App. So, I recommend making sure you see the “register a service worker”:ClangDevGuy_1-1718044836527.png
  5. This led to my to my additional problem of when ExB does a token refresh I noticed it was erroring out from looking at the network requests in the developer tools (I’m using Chrome). Having that trailing slash caused an error in the token refresh. Might be worth looking into the network call if its erroring out to try and narrow it down from there. 
  6. Other things, I upgraded to use the recommended Node.js and React version to 18 when using the dev edition builder.
  7. Upgrade to ExB 1.14 and hope its all fixed 😊. I am personally going to wait for our enterprise to get upgraded to 11.3 before I move into that version because I am starting to get the feel that going too far ahead with the ExB version compared to Enterprise seems to be cause more issues now.

Looking back, I would have just spent more time with a pure ArcGIS JavaScript SDK solution instead of trying to leverage ExB... 

John_Tyll
by
Occasional Contributor
‎06-11-2024 05:55 PM

Thanks @ClangDevGuy I am starting down the path of investigating/implementing your suggestions. Really appreciate you taking the time to post! Hope it helps me and others!!!  

 
PREVIEW
 
 
 
ClangDevGuy
by
Regular Contributor
‎06-12-2024 09:34 AM

@John_Tyll, I just remembered one more thing we tried as well. We have our Enterprise running in a Windows environment so, for our Web Adapter we had our IIS application pool separated out for Portal.

I apologize that I cannot say what exactly was "the fix" because it has been a series of trying multiple things to get it working. I hope it does help others because our users became very frustrated with it (and it drove me nuts as well 🙂).      

0 Kudos
Marshal
by
Frequent Contributor
‎08-27-2024 09:06 AM

Thanks to ClangDevGuy for the write-up and helping guide to a solution that worked for us.  Sharing here in hopes that it helps others.

1)  Changed Max Token Expiration Minutes to -1

2)  Disabled all SignIn methods other than IDP.  No problem for us since we only use IWA.

Either one or both of these changes eliminated the log-in prompt from triggering in our Experience builder applications.  We are using ExB Dev 1.14 and Enterprise 11.3.

Hope it helps!

Preview file
8 KB
John_Tyll
by
Occasional Contributor
‎10-23-2024 11:34 AM

@Marshal - using the portal admin I don't see any output that matches your Portal Settings.png image. IS there a url to that page, you could share or is it just a nice image to get the point across?  

Thanks in advance!

John

0 Kudos
Marshal
by
Frequent Contributor
‎10-29-2024 05:42 AM

The screenshot is from the sharing configuration URL after clicking the update operation.

Bottom of the documentation below has further instructions on getting there.

https://enterprise.arcgis.com/en/portal/latest/administer/windows/specify-the-default-token-expirati...

 

0 Kudos