Enterprise Login with Web AppBuilder Developer

3554
13
Jump to solution
08-08-2019 06:06 AM
JessieCahoon
New Contributor II

I'm trying to authenticate a local custom Web AppBuilder application with our organization's enterprise login so I can keep a webmap privately shared to a group and kind of use that as the authentication to using part of the application. 

I followed the advice here: 

Web-tier authentication—Web AppBuilder for ArcGIS (Developer Edition) | ArcGIS for Developers 

With no luck so far (I could be doing something wrong).  Is it because our agency's enterprise login is through ADFS?

Any thoughts would be great.  I asked Jake Skinner, he thought tagging in Robert Scheitlin, GISP and Kelly Hutchins - that you guys might have some ideas.

Do I have to build a custom login component to utilize our Enterprise Logins?

Any help would be great!! Thanks!

1 Solution

Accepted Solutions
SethLewis1
Occasional Contributor III

Hi Jessie,

Have you tried the following?

1) Add a web application item in your Portal/AGOL with the URL of your locally deployed app. This item will function as a placeholder for your locally deployed app.

2) Go into the just registered app's settings and click Register at the bottom to generate an AppId.

3) Set the redirect URI(s) to your app.

4) Copy the appId into your locally deployed app's config.json in the appId property. (see below)

5) Attempt to load the app in your browser. Do you receive an OAuth2 Modal with an Enterprise Login option rather than the ArcGIS Datastore Named User login?

"portalUrl": "https://portal url",
"appId": "insert appid from registered app in portal",‍‍‍‍

Permissions to the app using ADFS would then be scoped as to how the registered app is shared across your organization.

View solution in original post

13 Replies
RobertScheitlin__GISP
MVP Esteemed Contributor

Jessie,

 Sorry I do not have any experience with organization's enterprise login. Have you contacted tech support?

0 Kudos
JessieCahoon
New Contributor II

No worries, thanks for the help Robert!

I have contacted tech support and its slow going, I didn't know if anyone in the community had experience with this. (Seems like a few of us are having this issue - how-do-i-configure-web-appbuilder-to-use-organization-login)

Again, thanks for the response!

0 Kudos
SethLewis1
Occasional Contributor III

Hi Jessie,

Have you tried the following?

1) Add a web application item in your Portal/AGOL with the URL of your locally deployed app. This item will function as a placeholder for your locally deployed app.

2) Go into the just registered app's settings and click Register at the bottom to generate an AppId.

3) Set the redirect URI(s) to your app.

4) Copy the appId into your locally deployed app's config.json in the appId property. (see below)

5) Attempt to load the app in your browser. Do you receive an OAuth2 Modal with an Enterprise Login option rather than the ArcGIS Datastore Named User login?

"portalUrl": "https://portal url",
"appId": "insert appid from registered app in portal",‍‍‍‍

Permissions to the app using ADFS would then be scoped as to how the registered app is shared across your organization.

JessieCahoon
New Contributor II

Hi Seth!

I swear I had tried just this, with no luck before however I tried again, and got further than I have. (ESRI tech support told me it just couldn't be done)

I tried your solution again, and now I'm seeing a message that at least says "Sign into ArcGIS Online" - however when I click OK, I get an invalid redirect URI error message:

ArcGIS Portal Directory
Error

Invalid redirect_uri


Error: 400
Thoughts?
I have made a not so elegant hack in the main.js file in jimu/ folder to check the idenity manager against the app ID and portal URL once the config is loaded - it works but certainly would not like to upkeep changes to the jimu files
function onAppConfigChanged(_appConfig, reason){
   appConfig = _appConfig;

   if(reason === 'loadingPageChange'){
      return;
   }

   //loadingCallback('jimu', resources.length + 1, resources.length);
   var info = new OAuthInfo({
      appId: appConfig.appId,
      portalUrl: appConfig.portalUrl,
      popup: false
   })
   IdentityManager.registerOAuthInfos([info]);

   IdentityManager.checkSignInStatus(info.portalUrl + "/sharing").then(
      function (){
         var portal = new arcgisPortal.Portal(info.portalUrl);
         portal.signIn().then(function (portalUser){
         return;
      })
      .otherwise(function(error){
         console.log("Error occurred while signing in: ", error);
         IdentityManager.getCredential(info.portalUrl + "/sharing")
      })
   }).otherwise(function (error){
      IdentityManager.getCredential(info.portalUrl + "/sharing")
   });

   html.setStyle(jimuConfig.loadingId, 'display', 'none');
   html.setStyle(jimuConfig.mainPageId, 'display', 'block');
}
SethLewis1
Occasional Contributor III

Jessie,

In your registered app in Portal/AGOL, under settings have you set redirect URIs to the location of your locally deployed app?

JessieCahoon
New Contributor II

Yep - running it in localhost. Could that be my issue?

0 Kudos
JessieCahoon
New Contributor II

Wahhooo! Thank you Seth Lewis‌... I realized when I registered my app, I used the full address:

http://localhost/testing2/index.html

When I registered the redirect URI for:

http://localhost/testing2

It works! It was trying to hit the jimu/oauth-callback.html and was having issues with that redirect.  


THANK YOU SO MUCH!!! 

*** edit ***

For others that might be running into this issue, this is what works for me:

1) Add a new application in AGOL and set as Web Mapping

2) Actually make sure that isWebTier is set to false in the config.  This is counter to what I read here:

Web-tier authentication—Web AppBuilder for ArcGIS (Developer Edition) | ArcGIS for Developers 

Anyhoo, glad it works! Thanks again for the help!

TigerWoulds
Occasional Contributor III

@SethLewis1  This almost works for us. After adding the app ID in the config.json I now get a popup asking to login to our portal

TigerWoulds_0-1620416957344.png

But when I hit OK, I get a 400 invalid redirect uri error

TigerWoulds_1-1620417002820.png

Any ideas?

Edit: Nevermind, figured it out by setting the redirect urls to the application's website! 

Thanks so much!

 

0 Kudos
ahargreaves_FW
Occasional Contributor II

@TigerWoulds I'm stuck at this point. I have the following setup:

  1.  WAB Dev Ed app accessing a secure map with my portal. That map has services from a federated server.
  2. Downloaded WAB Dev Ed app, deployed onto stand alone web server.
  3. Registered WAB Dev Ed app URL as app within portal. Copied AppID and added that into the "AppID" section of the apps config.json deployed on stand alone web server.
  4. Redirect URIs of #3 (above) include:

However I get the same secondary request to log into my portal when clicking the registered item (#3 above) despite already being authenticated to the portal via SAML and all content being shared org wide. How do i get rid of this secondary click?

0 Kudos