I have a new Portal configure d and I am trying to get my first WAB app working properly. It seems that when I open the app it requests a token but only gets a 30 minute token. Once that expires the secured layer in my map stop functioning and no request for an updated token is ever requested. I then have to refresh the map every 30 minutes to keep things functioning. System cofig below. Let me know if anyone has any ideas.
ArcGIS Enterprise 10.6.1 with Portal federated.
Secured with Windows Auth Web authenrtication
Shortterm token set to 7,200 minutes (5 days)
Long term tokens set for 7 days
I logged this bug over a year ago with 10.6. I now have the same setup as you, 10.6.1, federated AGS, IWA and still see the issue on 10.6.1. I haven't tried 10.7 yet but would bet money the bug is in there as well. #BUG-000112228 if you would like to see it. Hopefully ESRI will figure this bug out as its making my Portal WAB maps unusable.
I didn't realize 10.7 was available already. The wording I was sent was a bit confusing. I need to get further clarification.
"...the issue has been resolved and addressed in ArcGIS Enterprise 10.7 and ArcGIS Online. That being said – you wouldn’t notice the fix until you upgraded and once they roll out 10.7 unless we submit a hot fix request through Support – I believe the next roll out is just before User Conference in July..."
Strange, sounds like maybe they won’t roll out a hot fix until July. I plan to upgrade our Portal to 10.7 as soon as I can get our SQL box upgrade to 2014 SP3 (currently on 2014 sp2). At that point I can let you know if its fix.
Well bad news. Upgrading to 10.7 and token being issued is still stuck at 30 minutes despite changing the settings. Trying to contact support again to take another look. Will also be looking to see if switching to ADFS will help.
Just a heads up for everyone experiencing this issue that it does appear to be at least partially fixed. After complaining to support that it was not fixed in 10.7 or 10.7.1 and doing some troubling shooting we found what appears to be a promising result. If you upgraded from 10.5,10.6,10.6.1 to 10.7,10.7.1 the 30 timeout is still hidden in the background somewhere. To fix this i simply had to open up the token settings in AGS and update, save to reapply them. After than i'm seeing tokens last longer than 30 minutes.
Issue 2 i'm dealing with an have a bug logged for is the OpsDashboard timing out after 30 minutes. It appears the tokens for that are still expiring at the 30 minute mark causing the OpsDashboard to prompt for sign ins for each data source even though IWA and SSO are enabled.