Community
Select to view content in your preferred language

Application-level Authentication - Proxy is being used for an unsupported service

5522
10
Jump to solution
01-11-2016 10:21 AM
ChrisSmith7
by
Frequent Contributor
‎01-11-2016 10:21 AM

This is the companion thread to Application-level token authentication

In short, I was successful in creating secured services and authenticating at the application level - somewhat! There's a peculiar behavior I haven't quite nailed-down - maybe someone has experienced this before and has an answer...

When I use a cold session, e.g. after clearing cache and restarting the browser, and then load the secured service through the mapping app, I receive an authentication pop-up (which I am trying to avoid). If I enter the correct credentials, I receive the message:

Unable to access the authentication service.

In the console, the error is reported as a 403:

code: Forbidden,message:"Proxy is being used for an unsupported service: https://mygisserver/arcgis/tokens/"}}"

If I navigate to the REST service in the browser, I am prompted to enter credentials, which authenticates successfully. In the same browser, once the session is established, I can then refresh (ctrl-F5) and see the secured layer without receiving an authentication window. This is the behavior I'm seeking - any user can see the secured service in context of the mapping app, without having to manually enter credentials.

Any ideas as to what would cause this? I am using the proxy from the Esri GitHub. I am also keeping the referrer open-ended for now, until I resolve this issue. I don't believe I'm doing anything crazy - right now, I'm just undergoing some POC testing. Here's the pertinent info on how the proxy config looks:

<ProxyConfig allowedReferers="*"
             mustMatch="true">
   <serverUrls>
      <serverUrl url="https://mygisserver/arcgis/rest/services"
                 matchAll="true"
                 username="user"
                 password="password"/>
  </serverUrls>

Here's how the quick test js looks:

var flTest = new FeatureLayer("https://mygisserver/arcgis/rest/services/base_services/test/MapServer/0", {
  id: "points",
  mode: FeatureLayer.MODE_ONDEMAND
});


var simpleJson = {
  "type": "simple",
  "label": "",
  "description": "",
  "symbol": {
  "color": [0, 0, 255, 191],
  "size": 6,
  "angle": 0,
  "xoffset": 0,
  "yoffset": 0,
  "type": "esriSMS",
  "style": "esriSMSCircle",
  "outline": {
  "color": [0, 0, 128, 255],
  "width": 0,
  "type": "esriSLS",
  "style": "esriSLSSolid"
  }
  }
}
var rend = new SimpleRenderer(simpleJson);


flTest.setRenderer(rend);
map.addLayer(flTest);

I have confirmed SSL is set-up correctly on the dev server where the mapping app is hosted, as well as on the GIS server. The map service is an xy feature event from an MS SQL Server db slice, if that matters at all.

Thanks!

0 Kudos
10 Replies
ChrisSmith7
by
Frequent Contributor
‎01-12-2016 10:55 AM

Ah, you know what? The latest proxy resolved the problem (v1.1.0)! It was in plain sight, too - per the changelog, v1.1.0 added:

  • Support for 10.3 tokens.

Releases · Esri/resource-proxy · GitHub

That must have been the issue - it wasn't able to generate the appropriate 10.3 token using the v 1.0 proxy.

Sigh... Thanks again for the help!