I'm using ArcGIS Server 10.4. I have services secured with OAuth 2. I'm trying to use the OAuthInfo and IdentityManager to access my services in a web app. Similar to this sample: OAuth Basic | ArcGIS API for JavaScript 3.26
Instead of displaying a gallery I'm just trying to add the secure services to a map. All of the documentation I've read refer to ArcGIS.com and ArcGIS Enterprise (Portal). Does this security model extend to ArcGIS Server without portal configured?
Thanks very much.
Hi Nils,
The IdentityManager works with both ArcGIS Server token authentication and ArcGIS.com and/or Portal. If you wish to use the OAuth approach with ArcGIS.com/Portal, you would need to use the OAuthInfo class. This is not necessary if just trying to access secured ArcGIS Server services. The way that the IDManager works is it recognizes if there is any secure services in an application. If so, it will prompt the user for credentials. Since you are not using ArcGIS.com or Enterprise Server to host these services, you don't need to worry about the OAuthInfo portion of things.
Here is an old sample that shows how this is handled, Accessing secure ArcGIS Server services .
You may want to listen to a talk I did at one of our conferences a couple years back, we discuss the different types of authentication and how they are handled in the API. The specifics to what you are asking is around the 3:00 minute mark. We discuss and show a demo.
Security and ArcGIS Web Development Video | Esri
HTH,
Heather
Thanks Heather, that's very helpful. I had not seen that video before. That explains a lot. I have configured my sample app to simply use the Identity Manager and it works as you've described. The user gets prompted when the secured map service is added to the map. However, I'm the GIS Developer building maps for a larger app. Users have to login to the application. The user logins are replicated with ArcGIS Server. What I would like to do is authenticate the user against ArcGIS Server when they login to the application, so they don't have to login again when they open a map. We are using ArcGIS for Server Advanced 10.4.1. The user logins are being managed in an OAuth system and ArcGIS Server is configured to use the OAuth system.
On another note, if I secure a GP service how do I submit a job to it from the JavaScript API.
Thanks very much,
Nils
Hi Nils,
You mention "The user logins are being managed in an OAuth system and ArcGIS Server is configured to use the OAuth system." Do you mean, you are using the ArcGIS platform to manage your users? If so, do you also have your Server federated with it? If this is the case, you will need to work with the OAuthInfo class. To do this, register an application within the platform and use it's ID in the OAuthInfo class. There is the option in the IdentityManager popup to check on whether to save this login for future use.
You also as how do you submit a job to a secure GP service? The same premise applies here as well. Anytime the API comes across a secure service that it cannot access, it will prompt you with this dialog.
Thanks Heather, our system is overly complicated. We are not using the ArcGIS Platform to manage users. The server is not federated. Here is a screen shot of our configuration settings:
Thanks,
Nils
Hi Heather,
The link to the video no longer works. Any chance there is a newer conference video on this topic at js 4.x? Thanks.