Select to view content in your preferred language

Generate Token with IWA

565
5
Jump to solution
06-25-2024 10:53 AM
ChrisCowin_dhs
Occasional Contributor

Hello,

My organization uses IWA and SSO. I'm trying to provide access to a non-esri user to query our geocoding endpoint through PowerBI through a built-in account as they are not in the AD group to allow access to IWA/SSO for Pro/Enterprise.

The main issue I'm coming across is that when I try to generate a token though the portal endpoint (/sharing/rest/generateToken) to provide to the geocoding enpoint with the built-in's username and password it always fails and there seems to be zero documentation on how to get around this. The only solution to get around this that they provide is to Logout and use the 'Login again or as a different user' button in the html of the API but that button just signs me into my account and doesnt allow me to try to sign into the built in. And neither of those even solve the issue of how to do it through HTTP requests.

0 Kudos
1 Solution

Accepted Solutions
JakeSkinner
Esri Esteemed Contributor

For your token URL, try the following instead so you're going around the web adaptor:

https://portal.domain.com:7443/arcgis/sharing/rest/generateToken

View solution in original post

0 Kudos
5 Replies
JakeSkinner
Esri Esteemed Contributor

Hi @ChrisCowin_dhs,

In Portal > Organization > Settings > Security, do you have ArcGIS Logins disabled:

JakeSkinner_0-1719338310422.png

 

Or, do you have Windows Authentication enabled in IIS for Portal's web adaptor?

0 Kudos
ChrisCowin_dhs
Occasional Contributor

The later, it is enabled through IIS

0 Kudos
JakeSkinner
Esri Esteemed Contributor

For your token URL, try the following instead so you're going around the web adaptor:

https://portal.domain.com:7443/arcgis/sharing/rest/generateToken

0 Kudos
ChrisCowin_dhs
Occasional Contributor

Hmm when I go to that location it is a 404 error

0 Kudos
JakeSkinner
Esri Esteemed Contributor

You might have the URL incorrect.  Are you specifying the fully qualified domain name of the server that has portal installed?  You don't want to specify the web adaptor server or DNS.