Community
Select to view content in your preferred language

Prevent Authentication type dialog in a OAUTH2 context to popup

341
5
08-22-2024 09:10 AM
ChristopheS
by
Emerging Contributor
‎08-22-2024 09:10 AM

Hi all,

We have configured an OpenId Connect (OIDC) with our ADFS, on our 11.2 Arcgis Portal. Authentication works but, even though we have already logged in on our OIDC  (which should allow all identity  Apps defined in ID manager), our Arcgis JavaScript  (jsAPI 4.26) application is still prompting user with a dialog that says "keycloak wants to access account information from Siveco Arcgis portal 11.2".

(Keycloak is the AppID in Arcgis Portal that is protected with OAUTH2).

This dialog pops up ones the first time we open the App, but it should never popup because we are already authenticated.

dialog-oidc.jpg

Note that this dialog does not seem to be the one that reacts on event IdentityManager.on('dialog-create', () => {IdentityManager.dialog.open = false; .....}.

We also noticed that when we click on the button OIDC it displays straightaway the secured layers in the map and we noticed at this point that in web browser local storage, a token-cookie with the user we have connected with is created.

Is there a way to prevent this useless dialog ? This may be done in Arcgis Server Portal configuration, or in our Javascript App with Esri JsAPI ?

Regards

Chris

ps. In JavaScript we use this kind of authentication sequence:

 

//1-First step to create an OAuthInfo object and register it with the IdentityManager.
let info = new OAuthInfo(
{
	appId: gisServerOpenId.client_id,
	portalUrl: gisServerOpenId.serverUrl,
	popup: false
});
IdentityManager.registerOAuthInfos([info]);
//2-Next, check if the user is signed in.
await IdentityManager.checkSignInStatus(info.portalUrl + "/sharing").then(function (evt)
{
//
})
.catch(function (err) {
	console.log(err);
});
//3-Once signed in, retrieve the credentials.
IdentityManager.getCredential(info.portalUrl + "/sharing");

 

0 Kudos
5 Replies
ChristopheS
by
Emerging Contributor
‎09-02-2024 07:53 AM

Any clues on that issue ?

It is quit strange that while OpenId has been introduced in 11.2 Arcgis Server, no one has been using it yet, moreover no ESRI developer is aware if this ?

0 Kudos
AshishBoban1
by Esri Contributor
Esri Contributor
‎09-27-2024 08:02 AM

Hi @ChristopheS,

Can you try to add "esriConfig" module in the application as follows:

require([
"esri/config"
], function(esriConfig) {

// Set the hostname to the on-premises portal
esriConfig.portalUrl = ""; //enter the portalURL

I believe this should give the "Allow" prompt instead of credentials prompt.

0 Kudos
ChristopheS
by
Emerging Contributor
‎09-27-2024 08:58 AM

Hi @AshishBoban1 ,

Effectively, esriConfig.portalUrl  is equal to "https://www.arcgis.com" by default.

If I set it to our Arcgis portal which looks like "https://geoloc.siveco.gr/portal" like this, we have:

esriConfig.portalUrl = portalUrl;
identityManager.registerOAuthInfos([info]);
identityManager.getCredential(info.portalUrl + "/sharing");

 

.. we still have the dialog popup, unfortunately.

0 Kudos
AshishBoban1
by Esri Contributor
Esri Contributor
‎09-27-2024 11:51 AM

Hi @ChristopheS,

Please check if esriConfig.portalUrl = "https://geoloc.siveco.gr/portal" is as same as the value provided in the portalUrl parameter of OAuthInfo class (gisServerOpenId.serverUrl). The portalUrl should be same at both the locations.

0 Kudos
ChristopheS
by
Emerging Contributor
‎09-30-2024 02:50 AM

Hi @AshishBoban1 ,

Yes it is, code looks like this :

 

 

let portalUrl = gisServerOpenId.serverUrl;//"https://geoloc.siveco.gr/portal",
let info = new OAuthInfo(
{
	appId: gisServerOpenId.client_id,
	portalUrl: portalUrl,
	popup: false
});
EsriConfig.portalUrl = portalUrl;
IdentityManager.registerOAuthInfos([info]);
IdentityManager.getCredential(info.portalUrl + "/sharing");

 

 

 

 
0 Kudos