Sign in to ArcGIS Online with Survey123 OAuth2 error

1951
13
04-03-2017 05:43 AM
New Contributor II

I'm having issues with Active Directory users attempting to sign in to ArcGIS Online with Survey 123 (no such errors with Collector) and the issue does not apply to all users. Some users are getting the following message:

"Please copy this code, switch to your application and paste it there:"

OAuth2 Approval

Any suggestions?

Tags (2)
Reply
0 Kudos
13 Replies
Esri Esteemed Contributor

Hi,

It looks like something is getting mis-configured during the login process. Which version of Survey123 is being used? Is the Active Directory endpoint providing a Windows Authentication challenge or web form login?

We've been working on enhancements to login scenarios like the one you describe above in the 2.0 version of Survey123, available at the Early Adopter Community.

Reply
0 Kudos
New Contributor II

We're using the latest version (1.10.25) of Survey123. I'm unsure about the answer to your question regarding Windows Authentication challenge or web form login, but the last screen the user sees before the failure is our standard F5 screen:

Reply
0 Kudos
Esri Esteemed Contributor

Okay, it looks like the latter option (form).  Given that, it sounds like the problem might Survey123 not recognizing the access token after login or the page taking a longer time to complete than expected.  I would try against the version 2.0 of Survey123- while we weren't specifically solving this issue, there are a set of general login stability improvements.  You can get to it via the http://bit.ly/S123beta .

Reply
0 Kudos
Esri Contributor

James,

I am seeing the same issue on an iPhone 5 connecting to several orgs with Okta logins enabled. Works fine on my Android (Galaxy S6 Edge). Using v2.0 of Survey123.

Reply
0 Kudos
Esri Esteemed Contributor

Hi Kevin,

This is a known issue with IWA-fronted SAML logins.  With 2.0, we introduced preliminary support for a configuration that can work around the limitation.  Go to 'Settings' and select the 'Portals' tab.  Click and hold on 'Select your Active ArcGIS Portal'- this will show the advanced configuration options.  Click on 'Add Portal'. Type in the organization name and select 'Use external web browser for sign in' and then add the Portal.  When signing in, you will see that Survey123 actually launches over to your browser to sign in, and then goes back to Survey123 once the sign in is complete.  Currently, this works best on mobile devices -t here are some issues with it on Windows (which is why I categorized this as 'preliminary' support).

Occasional Contributor II

James,  I'm also seeing the error that Kevin sees using iOS with Okta and Enterprise logins to our Portal for ArcGIS 10.5.1.  I followed your instructions and when I login Survey123 passes me to a browser as you said it would then when I log in, I'm receving the following error  "Could not access any Portal Machines. Please contact your system Admistrator." The URL I'm taken to is https://dot.esri.com/portal/sharing/rest/oauth2/saml/signin.  I've never seen this error logging into our portal from any other app.  Any ideas?

Reply
0 Kudos
Esri Esteemed Contributor

Hi Eric,

The 'Could not access any Portal Machines' is a Web Adapter/Portal error.  I just attempted to access the portal and got to the landing page successfully

Reply
0 Kudos
New Contributor II

We are having the same issue on a few iOS devices, not all, trying to authenticate to our Portal, and they used to work just fine, no config changes.  We try your advanced, external web browser method, but that just opens the browser to a bad URL

https://our-portal-url/arcgis/sharing/rest/oauth2/authorize?client_id=survey123&grant_type=code&resp...

that returns a 400 error "Invalid redirect_uri".  What else can we try?  We have Survey123 for iOS 2.6.9

Reply
0 Kudos
Esri Esteemed Contributor

Hi Jim,

We are working to correct this issue. In the meantime, you can set up login using an external browser. In the login dialogue, click on the gear icon, click ‘Add Portal’, enter the address of your organization, and select the ‘Use external web browser for sign in’.