Community

Remove stored credentials from AGOL layer coming from Enterprise

1235
3
03-21-2018 11:35 AM
JaredFischer
by
New Contributor II
‎03-21-2018 11:35 AM

We have an ArcGIS Enterprise setup (10.5) with a feature service we're passing through ArcGIS Online to be used in a public-facing web app.  It displays the service and allows for different types of queries that can be run against it.  Some of the queries are custom-written and have been added to the app, which was created in Web App Builder.  During testing, I had enabled security on the service, so it was added into AGOL with credentials that were stored with the item.  Now, I have removed the security on it to make it public, so it can be used in the app more easily.  The problem is, we're running into issues with the service and not being able to access the item description.  When I go to the Overview page in AGOL and click "Service URL" I get the following screen:

Also, the URL on the Overview page references an arcgis.com item (lower left), but on the Settings tab it references my Enterprise feature service (lower right).  It also gives me the option to edit the credentials that are stored with the item.

I'm not sure, but I'm guessing the error I'm getting above is due to the fact that when the item was originally added, it was secure, so credentials were stored with it.  But now, I don't know how to update it to tell AGOL that it is a public service and does not need to store credentials.  Is there a way to update an AGOL item that's coming from ArcGIS Enterprise to remove the credentials?

I've tried adding the item from Enterprise again, and it does not ask for credentials, and the "Service URL" takes me to the item description page as it should.  So, I'm assuming we could just remove our production AGOL layer, re-add it, and it would be good to go, but I'm worried it might disrupt some of the custom queries we have built in the app.  If the service name is the same, everything should still work, right? 

0 Kudos
3 Replies
MikeDahm
by
Occasional Contributor
‎11-29-2018 11:54 AM

Did you ever get a response or a workaround this problem?

0 Kudos
KellyGerrow
by Esri Frequent Contributor
Esri Frequent Contributor
‎11-30-2018 02:24 PM

Hello,

When a service is secure and added to ArcGIS Online using the option to store credential,  a proxy item is created which securely stores the information. When ArcGIS.com accesses the layer it goes through the proxy before accessing your service on your server. That is why you see the item url as https://utility.arcgis.com after it has been added.

When you make the item public, it is still registered in ArcGIS Online as a service that needs to be connected through a proxy when this isn't needed. I would suggest deleting the initial item and adding the url as a new item. This way it will register the url without a proxy and your users can find and use the url. You will need to update any maps that had the proxied service with the new url.

-Kelly

0 Kudos
JustinReynolds
by
Occasional Contributor III
‎03-23-2022 08:36 AM

@JaredFischer @KellyGerrow @MikeDahm The rest api seems to suggest that this is possible.  See the removeServiceProxy property of the item's update method.  I'm about 3.5 years late to this post so I have no idea if this was a thing around the time of the OP.

https://developers.arcgis.com/rest/users-groups-and-items/update-item.htm

This can be accomplished using the arcgis python api as follows:

 

from arcgis.gis import GIS

gis = GIS(<URL>, <username>, <password>)
username = gis.properties.user.username
print(f'---> Logged in as {username} @ {gis.url}')

item_types = ['Feature Service']
item_title = 'Test_Shared_Item'

# Search for items of interest
items = [item for item in gis.content.search(query="" + "* AND owner:" + username, 
                                                max_items=10000) if item.type in item_types
                                                                 if item.title == item_title] 

print('Proxied Service Details:')    
for item in items:
    print(item.title)
    print(item.url)
    print(item.typeKeywords)

# Remove Service Proxy to unsecure the service
for item in items:
    desc = f'--> Service proxy has been removed'

    update_properties = {"description": desc,
                         "removeServiceProxy": True}

    updated_item = item.update(item_properties=update_properties)
    
    print('Updated Service Details:')
    print(item.url)
    print(item.typeKeywords)

 

 Output:

 

GIS Portal
---> Logged in as Some.User @ https://<Tenat>.maps.arcgis.com

Proxied Service Details:
https://utility.arcgis.com/usrsvcs/servers/b453534ba4254761bb7a81df40b08b98/rest/services/Hosted/Test_Shared_Item/FeatureServer
['ArcGIS Server', 'Data', 'Feature Access', 'Feature Service', 'Service', 'Singlelayer', 'Service Proxy']

Updated Service Details:
https://<some.enterprise.portal>/server/rest/services/Hosted/Test_Shared_Item/FeatureServer
['ArcGIS Server', 'Data', 'Feature Access', 'Feature Service', 'Service', 'Singlelayer']

 

Notice that the URL changed and that the "Service Proxy" item was removed from the typeKeywords list as a result of the update on the item.

*Note that this makes a change to the Service URL (as it is no longer proxied).  If you have apps that utilize this layer (e.g. dashboard) you will need to update/swizzle the url in the web map's json that the app is using.  For each layer in a web map there are two references to the underlying item (the url and the item id).  The itemid is unchanged here, but the url has changed.  You will need to update the json to point to the updated url for each instance of the item in the web map, before opening the web map in the map viewer.  This can be done using AGO assistant or swizzled using python.

You can see the proxied URL is in use in the Web Map's JSON and that there are two references to the underlying item (itemId and url).  The id is randomly generated when the layer is added to the map as <Item.title>_<randomNumber>.  Apps like dashboards make a connection to a web map by itemId and to its layers by layer id (or just 'id').

 

...
},
{"id": "Test_Shared_Item_9885",
 "layerType": "ArcGISFeatureLayer",
 "url": "https://utility.arcgis.com/usrsvcs/servers/
         65b20ebca4c3404b81d5a14744076668/rest/services/Hosted
         /Test_Shared_Item/FeatureServer/1",
 "visibility": false,
 "opacity": 1,
 "mode": 1,
 "title": "Test_Shared_Item",
 "itemId": "65b20ebca4c3404b81d5a14744076668",
...

 

Changing the URL above to the unproxied url should be all that is needed.  A Dashboard uses only the "id" property as a reference to the layer in a map, so there should be no need to update anything in a dashboard itself in this process, but the layer will appear broken in the dashboard until the web map's json is updated to reflect the unproxied url.

- Justin Reynolds, PE
0 Kudos