|
POST
|
I just noticed this today on an iPad we upgraded to iOS 10. The deeplink in a map popup was to a Nintex form based solution: the URL was nintexmobile://form?ntx-id=2b367c1a-a560-4c30-a1dc-998ccaea3813, which would open the Nintex mobile with the form of ntx-id - this worked on iOS9. It no longer works on iOS10. nintexmobile://form?ntx-id=2b367c1a-a560-4c30-a1dc-998ccaea3813 opens Nintex mobile correctly when launched from Safari Just to verify that it wasn't a Nintex issue, I tested it against Survey123. In my map popup I used the URL arcgis-survey123:// to just launch Survey123. This works from Safari on the iPad (Survey123 opens), but does not work as an attribute value in a Collector map popup. So my question is: Does Collector deeplinking no longer work in iOS10? TIA
... View more
09-23-2016
11:32 AM
|
0
|
1
|
1796
|
|
POST
|
I have a custom Popup that displays an image using the sourceURL. I'd like the linkURL to fire some JavaScript code. The mediaInfos in the PopupTemplate looks like this: "mediaInfos": [
{
"title": "",
"type": "image",
"caption": "",
"value": {
"sourceURL": "http://webapps-cdn.esri.com/Apps/MegaMenu/img/logo.jpg",
"linkURL": "javascript:void(alert('Just fire an alert.'))"
}
}
]
Unfortunately, in Firefox and IE, when the user clicks the image, a new web browser tab is opened and the javascript gets executed inside the new browser tab. This is not the case in Chrome. When you inspect the media element in the browser you see the anchor tag get constructed like this: <a href="javascript:void(alert('Just fire an alert.'))" target="_blank">
<img class="esriPopupMediaImage" src="http://webapps-cdn.esri.com/Apps/MegaMenu/img/logo.jpg" style="margin-top: 53px;">
</a> Note that the <a/> tag includes the parameter target="_blank", which tells the the browser to open the href in a new browser. In Firebug, if I delete the target="_blank" parameter from the anchor tag, the Javascript executes inside the same browser window as the popup. This is the desired behavior. My question is: how can I get rid of that target="_blank" parameter? In the PopupTemplate mediaInfos? If so, how? In the javascript:void? Is there a global override of target="_blank"? TIA
... View more
09-06-2016
02:37 PM
|
0
|
3
|
2648
|
|
POST
|
ArcGIS Server 10.3.1 When I try to configure a portal using my web adaptor "Portal URL = https://machine.domain.com:7443" I get the error: Failed to get administrator token from Portal. Please verify that the Portal URL specified can be accessed successfully. I'm confused: how can I successfully access the Portal URL when the Web Adaptor cannot create the URL? What am I missing? TIA
... View more
06-01-2016
11:52 AM
|
0
|
3
|
6399
|
|
POST
|
Yes, I'm up to my elbows in the JSAPI IdentiyManager. See my unanswered question here: https://community.esri.com/thread/176132 It's still not clear to me. Thanks.
... View more
04-29-2016
09:05 AM
|
0
|
0
|
814
|
|
POST
|
I've wallowed though probably all of Esri's online documentation regarding security and I am still not clear on this. What I want to do is use REST to do query a secure feature service. this all happens in node.js In order to do this in need to obtain a token by passing a username/password to the token dispenser, then append the token to the URL I am using to make my REST call. I know I can do this. What we don't like about this is that is uses a named user - which has, um, unpleasant issues I've discussed elsewhere on this forum. I'm still trying to wrap my head around OAuth. I see that I can register an app with OAuth, which gives me a client_id and client_secret. I use those to obtain an access_token, which I can use to... well... I'm not exactly sure what I can use it for. I do know that I ca not use it to fire queries at the feature service REST endpoint. If it were a perfect world I'd have my feature layer secured in a manner in which I can create a security to it using a client_id and client_secret. Or did I miss something...? Can I access a feature service with REST using a client_id and client_secret and if so, then how? So, my question is that, in general, and in the world of ArcGIS Server and Portal, REST endpoint are secured with REST tokens and registered apps are secured with OAuth and can be accessed with an access_token obtained with the client_id and client_secret, correct? Just checkin...
... View more
04-27-2016
10:10 PM
|
0
|
2
|
2745
|
|
POST
|
We are using ADFS to secure our portal - which is a non-ArcGIS web application. ADFS is the security store for ArcGIS Server and Portal. When the portal get loaded into the browser, it creates two cookies: MYagstoken: <cryptic_string_token> MYagsdetailsCookie: {"userId”:”[email protected]”,”expires":1461627081574,"creationTime":1461623481574} I have verified that the content of MYagstoken is a valid token that I can use to consume secure resources. The token times out in 60 minutes. I am using the ArcGIS Resource Proxy from github to identify the CORS resource but not to obscure a username/password. In other words: username/password is not allowed in the proxy.config and it is the person who logged in to the portal (non-ArcGIS web application) who has obtained the token from the AGS token dispenser via the cookies. We are NOT using the default login UI for IdentityManager. Our identities are created “elsewhere” and are stashed in the cookies. When our JSAPI application gets loaded into the browser it uses the cookies create an object that is used to initiate the IdentifyManager (esriId). var MYagsdetails = JSON.parse(MYagsdetailsCookie); var userId = MYagsdetails.userId; var expires = MYagsdetails.expires; var creationTime = MYagsdetails.creationTime; var serverInfo = { server: "https://webadaptor.MyDomain.com/portal", tokenServiceUrl: "https://webadaptor.MyDomain.com/portal/sharing/generateToken/", hasPortal: true, webTierAuth: false }; var credential = { userId: userId, server: "http://webadaptor.MyDomain.com/portal", token: MYagstoken, expires: expires, validity: undefined, ssl: true, creationTime: creationTime, scope: "portal" // ”server" does not work }; var idObject = { serverInfos: [serverInfo], credentials: [credential] }; esriId.initialize(idObject); This successfully creates a credential that I can use for 60 minutes. There are a couple of oddities at this point: The following gets executing, indicating that the IdentityManager is successfully creating a credential. It should be noted that the token is a different string, although this token is valid as well. esriId.on("credential-create", function(e) { console.log (Date().toLocaleString() + ' credential-create Credential: ', e.credential); }); The following event NEVER gets fired, even after the 60 minutes: esriId.on("dialog-create", function(e) { console.log (Date().toLocaleString() + ' dialog-create', e); }); The secured services cease to function inside the map. Pan and zoom and nothing happens. There was rich and dynamic map content for 60 minutes though… There are repeated error of “Invalid Token” indicating that the token never refreshed. It was my understanding that when a credential was created by the IdentityManager.initialize, that a timer was created that refreshed the token when it’s timed out. The bottom line is that there is no indication that the security has expired (dialog-create) or that a new credential is created (credential-create). FAIL. I’d like to do either one of two things: Institutional: Inform the user that their security has timed out and that they need to launch the map app again from the portal. This is the “not preferred by acceptable” alternative Technological: Refresh the IdentityManager credential with a new token that will give me another 60 minutes. This is the preferred option. So long as the portal application can create the the cookies (soon to be local storage). One other item: I’ve attempted to use a timer to recreate the IdentityManager credential using the code above and the cookies generated by the portal, but without success. For reasons I don’t understand, I’m just not able to rehydrate the IdentityManager so my users can continue working in the map application. Hope you can help... TIA
... View more
04-25-2016
04:18 PM
|
1
|
0
|
3334
|
|
POST
|
Great question! The robot is owned by our organization. It does administration tasks, it does publishing tasks, it does user tasks. We could call him "Tyler Durden", but at the end of the day he's just a scheduled task...
... View more
04-11-2016
11:55 AM
|
0
|
3
|
2928
|
|
POST
|
Thank you for the reply, Derek. we do intend to contact our account manager. For the sake of disclosure and clarity, I’d like to add some backstory to my question. For starters, all our published GIS content is secure - this is our prime directive. We get do decide how to secure it and we have chosen ADFS. Before Portal for ArcGIS (PFA), ArcGIS Server (AGS) instances were licensed per-core. Our license level allowed unlimited users to consume our GIS content and for us to publish as many GIS services as our hardware could handle. The problem was that it was only GIS services that were published - this pattern forced us to write complex APIs to consume the ArcGIS services and serve them as web applications with rich functionality. Our end users enjoyed secure GIS content, a rich user experience, and our organization was not constrained by fixed number of users. Additionally, our offerings included some significant GIS automation - the sorts of things we used to do with ArcPy and an AGE or AGD license we could instead do with the ArcGIS Rest API, our licensed AGS instance, and scheduled tasks. Along came ArcGIS Online (AGOL) and PFA and with it came the concept of a web map - i.e., a collection of GIS services (maps, mostly) with rich function functionality embedded in the map that could be consumed by a much simpler API. Because it is easier to design and configure web maps, it’s possible to publish more of them more efficiently. And because the ArcGIS Rest API is still available, our GIS automation doesn’t have to change. Unless we’re constrained by a fixed number of named users who are real, live persons in our organization… The bottom line for us is PFA has the potential to make us more efficient at doing awesome ArcGIS things. However, the named-user pattern is potentially a deal-breaker. Our end users don’t care about the portal, they only want the secured web map content presented in our APIs. We have to weight that against the efficiencies that web maps give us. At the end of the day, our organization has only a few true “named users” (i.e., “content publishers) who really need everything PFA has to offer. We also have a robot who only needs the AGS Rest API. And several hundred “unnamed users” who only consume web map content served into our applications and nothing more regarding the PFA. It seems to me that the PFA governance pattern does not support our organizational profile. We recognize that our organization is a statistical outlier, yet at the same time I can’t believe that we are the only organization that is struggling with what PFA means to them. Cheers!
... View more
04-10-2016
03:59 PM
|
0
|
5
|
2928
|
|
POST
|
Say, for example we want to run some GIS automation against secured portal content that gets executed by a headless server, i.e., a non-human being. TIA
... View more
04-08-2016
12:22 PM
|
0
|
7
|
6311
|
|
POST
|
Getting closer! Robert: Are you using enterprise security? Or internal (AGS) security? TIA
... View more
03-17-2016
01:24 PM
|
0
|
1
|
1661
|
|
POST
|
Hi Robert: Getting closer... Thanks! https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain.com/arcgis/rest/services/Sa… returns: {"error":{"code":499,"message":"Token Required","details":[]}} So my proxy is working and interrogating the map service and is seeing that it's secure... ...which raises the question: Why is the proxy not working to access the secure services behind the scenes? I'm still trying to wrap my head around how this works with the ArcGIS Portal. I create a "generic" app which gives me a ClientID and ClientSecret. This is what gets registered in the proxy.config file. My question is: How is the security to the map service relate to the security of the generic app with its ClientID and ClientSecret? What I'd really like to do is have a ClientID and ClientSecret for my Web map. Is there a way I can create that security? Or am I constrained to use the generic apps? Hopefully you or someone else with more grey matter than I've got can help answer that question... --Dirk
... View more
03-17-2016
08:26 AM
|
0
|
1
|
1661
|
|
POST
|
We have the full stack of ArcGIS Server and Portal hosted on-premise. We've authored a map service that is secured. In Portal we created a web map that uses an ArcGIS Online basemap and the secured map service. We then wrote a simple JS application that serves the web map. It requires the user to enter credentials - we do not want users to enter credentials, yet the map service must remain secure. Enter the proxy, download from Releases · Esri/resource-proxy · GitHub Following the instructions here: Sharing maps with secure layers | Guide | ArcGIS API for JavaScript, ...adding the appropriate urlUtils and proxy.configs Results in a 403 error. The JS is here: urlUtils.addProxyRule({
urlPrefix: "https://subdomain.domain.com",
proxyUrl: "proxy/proxy.ashx"
});
arcgisUtils.arcgisUrl = "https://subdomain.domain.com/portal/sharing/content/items";
arcgisUtils.createMap("<WEB_MAP_ID>","map").then(function(response){}); The content of the proxy.config has: <serverUrl clientId="<ClientID>" clientSecret="<Client_Secret" rateLimit="0"
rateLimitPeriod="1" matchAll="true" url="https://subdomain.domain.com/arcgis/rest/services/MapService/MapServer"/> As per the sample. Yet I still get the 403 GET https://subdomain.domain.com/proxytest/proxy/proxy.ashx?https://subdomain.domain…d189aa97?f=json&callback=dojo.io.script.jsonp_dojoIoScript1._jsonpCallback 403 (Forbidden) Can anyone with experience in this realm help provide insight for me please. TIA
... View more
03-16-2016
03:56 PM
|
0
|
5
|
3484
|
|
POST
|
If I emailed the URLhttp://www.arcgis.com/home/mobileviewer/appsharer.html?id=ac7e0840c3444ccbb69082ad99d18eeb and the recipient had Explorer for ArcGIS installed on their device, tapping the URL would open the web map in Explorer. Is there a similar pattern where I can publish a web map that contains editable layer(s), then share a URLwhich includes the webmap id as a parameter, which will open Collector for ArcGIS when the link is tapped? If yes, what is the pattern for the URL? TIA
... View more
02-10-2016
09:13 PM
|
0
|
0
|
2117
|
|
POST
|
That works for me - thanks Jake. In Javascript as well, when I remove the ClientIP parameter (which I had originally mistyped as "client" - without the IP, which was where the original error was originating) it works as well. NEXT QUESTION: Our corporate directive is to use entirely ADFS security. When I plug in my enterprise U/P in the above script I get: {u'error': {u'message': u'Unable to generate token.', u'code': 400, u'details': [u'Invalid username or password.']}} That same enterprise U/P allows me to log in to Portal for ArcGIS. Got any hints on how I can use my enterprise login to generate a token? TIA
... View more
01-29-2016
11:14 AM
|
1
|
2
|
3974
|
|
POST
|
Currently built-in, but we are in the process of migrating to enterprise. The credentials I use are the built-ins - which are still enabled.
... View more
01-26-2016
12:49 PM
|
0
|
4
|
3974
|
| Title | Kudos | Posted |
|---|---|---|
| 5 | 11-10-2021 12:27 PM | |
| 1 | 10-02-2019 10:47 AM | |
| 1 | 09-24-2021 08:40 AM | |
| 1 | 09-28-2018 10:16 PM | |
| 1 | 10-09-2015 08:26 PM |
| Online Status |
Offline
|
| Date Last Visited |
05-05-2023
03:51 AM
|