How does ArcGIS Runtime support the OpenID Connect method?

04-04-2022 04:55 AM
Jan-Tschada
Esri Contributor

ArcGIS Enterprise 10.9 allows an administrator to manage OpenID logins. One of our customers is trying to implement an OpenID login by using the native login screen and a custom authentication handler for OpenID Connect. We had no luck finding any ArcGIS Runtime sample using OpenID Connect logins. Would you be so kind as to tell us whether the AuthenticationManager supports OpenID Connect, or how to implement a custom AuthenticationManager?

 

Follow up:

Product Manager
Developers and Location Services
Germany and Switzerland

Accepted Solutions
NimeshJarecha
Esri Regular Contributor

You can try the following steps:

1. Set `AGSAuthenticationManager.delegate`.

2. In the delegate, implement `authenticationManager:didReceiveAuthenticationChallenge:`.

3. When a challenge is issued for the portal, get the token through your custom implementation.

4. Create an `AGSCredential` with the generated token.

5. On the `AGSAuthenticationChallenge` object, call `continueWithCredential:`.

If this works, the only problem will be that we'll not be able to automatically refresh the token when it expires.

Regards,

Nimesh 
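The five steps above as a single delegate, as an added example that is not part of the original post or Esri's sample code. `PortalTokenProvider` and `OIDCChallengeHandler` are hypothetical names, and the Swift spellings of the SDK calls (`shared()`, `remoteResource?.url`, `continueWithDefaultHandling()`, `AGSCredential(token:referer:)`, `cancel()`) assume the 100.x ArcGIS Runtime SDK for iOS.

```swift
import ArcGIS
import Foundation

// Hypothetical abstraction over the app's own OpenID Connect flow (for example
// one built on AppAuth). It is not an ArcGIS Runtime type.
protocol PortalTokenProvider {
    // Calls back with a portal token and its expiry time, or an error.
    func fetchPortalToken(completion: @escaping (Result<(token: String, expires: Date), Error>) -> Void)
}

final class OIDCChallengeHandler: NSObject, AGSAuthenticationManagerDelegate {
    private let portalHost: String        // only this host is ever given the token
    private let provider: PortalTokenProvider
    private(set) var tokenExpiry: Date?   // tracked here because the SDK cannot refresh it

    init(portalHost: String, provider: PortalTokenProvider) {
        self.portalHost = portalHost.lowercased()
        self.provider = provider
        super.init()
        // Step 1: route authentication challenges through this object.
        // The app must keep a strong reference to the handler.
        AGSAuthenticationManager.shared().delegate = self
    }

    // Step 2: authenticationManager:didReceiveAuthenticationChallenge: as imported into Swift.
    func authenticationManager(_ authenticationManager: AGSAuthenticationManager,
                               didReceive challenge: AGSAuthenticationChallenge) {
        // Answer only HTTPS challenges raised for the configured portal; anything
        // else gets the SDK's default handling and never sees the custom token.
        guard let url = challenge.remoteResource?.url,   // property names assumed (100.x)
              url.scheme == "https",
              url.host?.lowercased() == portalHost else {
            challenge.continueWithDefaultHandling()
            return
        }
        // Step 3: obtain the token through the custom implementation.
        provider.fetchPortalToken { [weak self] result in
            switch result {
            case .success(let value):
                self?.tokenExpiry = value.expires
                // Steps 4 and 5: wrap the token and resume the blocked request.
                challenge.continue(with: AGSCredential(token: value.token, referer: nil))
            case .failure:
                challenge.cancel()   // fail closed rather than leave the request pending
            }
        }
    }
}
```

Because the SDK cannot refresh a token supplied this way, the app can compare `tokenExpiry` with the current time and re-run its own flow before the token lapses.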

NimeshJarecha
Esri Regular Contributor

You need to set up the ArcGIS Enterprise portal to use OpenID Connect. Please refer to the link below.

https://enterprise.arcgis.com/en/portal/latest/administer/windows/openid-connect-logins.htm

In ArcGIS Runtime, you need to initiate the portal loading using OAuth, and in the OAuth login page you should see an option to log in using the OpenID Connect you have configured above.

The Authenticate with OAuth sample may be helpful.

There are some more docs available to configure OpenID using different types of accounts.

https://github.com/Esri/idp/tree/main/Documentation/OpenID

Hope this helps!

Regards,

Nimesh

Jan-Tschada
Esri Contributor

There is a need for a custom workflow, because the default browser cannot be used on some secured devices. So the Authentication Manager must be customized, or maybe the authentication challenge handler must be implemented using the native device "auth controller". The only library we are aware of is AppAuth for iOS by openid, supporting a custom authentication handler on top of "SFSafariViewController". Maybe we should give it a try... @NimeshJarecha

Product Manager
Developers and Location Services
Germany and Switzerland