Select to view content in your preferred language

Authentication through ArcGIS Online for customized Web Apps

13233
11
01-07-2015 08:23 AM
TobiasFimpel1
Frequent Contributor

This isn't directly about Widgets, but a somewhat related question: I would like to host a customized Web Application made via the javascript web app builder on my own web server, yet allow users of my organization to seamlessly authenticate through the ArcGIS Online Platform.

The ideal workflow would be: User logs into my ArcGIS Online organizational account --> finds the app item (basically a reference to the web apps URL)  in a group he has access to --> gets redirected to that URL --> does NOT need to sign in again to ArcGIS Online via this dialog that opens. Capture.JPG

I researched ESRI documentation, tried a whole lot of things related to registering apps in ArcGIS Online to get the appid etc., but can't figure it out. The Web App builder seems to be designed to provide a mechanism to do that, though, via the config.json's appid and portalurl variables. Any help would be much appreciated. Thank you!!

0 Kudos
11 Replies
RobertScheitlin__GISP
MVP Emeritus
TobiasFimpel1
Frequent Contributor

Thanks Robert. I do allow anonymous access to my organization that is mentioned as a workaround. Perhaps the behavior I see is still related to that issue, who knows?

The documentation here Deploy app—Web AppBuilder for ArcGIS (Developer Edition) | ArcGIS for Developers is informative (and seemingly straightforward). Do you think this is a bug and I should get in touch with ESRI? Or is it actually behaving as it should (i.e. prompting users to sing in to ArcGIS Online upon being redirected to the web app)?

0 Kudos
RobertScheitlin__GISP
MVP Emeritus

Tobias,

   I am not 100% sure. I don't use the same workflow. I have a proxy setup that handles all the secure service login stuff. I would definitely call esri tech support and get confirmation as to whether this is the intended behavior or not.

0 Kudos
TobiasFimpel1
Frequent Contributor

Oh, didn't see you post until just now. With your proxy setup, do you still use ArcGIS Online for authentication purposes, or do users authenticate directly to your ArcGIS Server site? I'm asking because I'm in the process of figuring all this out for my organization (we currently have ArcGIS Server, token based security, Windows AD for identity store, and so many users that buying ArcGIS Online usernames for all of them would be pretty pricey. Yet authenticating to the ArcGIS Server map service directly looks and feels clunky and is very inconvenient on mobile devices). If you have any information to share how you use a proxy setup I'd love it. Otherwise thanks for sharing all the good web app builder widgets and knowledge with the community.

0 Kudos
RobertScheitlin__GISP
MVP Emeritus

Tobias,

  Actually the proxy (for me) works as a bypass mechanism to the authentication. My app has been setup in the proxy to go and authenticate with the secure services and work seamlessly to consume my secure services without authentication by the user. But if someone attempts to access the services without going through my app they will be challenged for authentication. This does not sound like the work flow that you are looking for though. It sounds like you want to allow access to your app based on the access level of the authenticated user.

TobiasFimpel1
Frequent Contributor

"It sounds like you want to allow access to your app based on the access level of the authenticated user." Correct Robert, that's what I'm trying to accomplish and it is a different use case that yours. Thanks.

0 Kudos
RyanStrain
Emerging Contributor

Robert,

     Your work flow is what I would like to implement. I'm using web appbuilder 1.0 developers edition. My services and app are registered with AGOL, although on AGOL I would not like to share the items with "Everyone" or groups. And also would like to have application authentication so my users do not login. I installed the web appbuilder and designed the app on my local machine, then downloaded the application and placed it on my web server. I think I'm not setting up my proxy correctly. Can you give insight into how you've set up your proxy, such as which parameters you're using? I'm using url, oauthEndpoint, clientId, clientSecret, rateLimit, rateLimitPeriod, matchAll.

My url="http://adacountyitgis.maps.arcgis.com/".

My oauthEndpoint="https://www.arcgis.com/sharing/oauth2"

Am I missing something? Or wrong values? Or totally offbase for this setup?

Thanks,

Ryan

0 Kudos
BrianO_keefe
Honored Contributor

What settings in your proxy allow this kind of access Robert? I am trying to mimic this EXACT workflow and hitting continuous roadblocks! Can you share your proxy settings? Something? I'm beyond frustrated at this point.

0 Kudos
TobiasFimpel1
Frequent Contributor

Update: I think I'm making some small progress but don't fully understand how it works.

Register your application as an item in ArcGIS Online. per this documentation ArcGIS REST API set the Redirect URI's parameters like so: (urn:ietf:wg:oauth:2.0:oob, then your app's url)

Capture2.JPG

Works, kind of. User needs to click "Ok" and then "Approve" that his credentials are passed. No re-typing usernames & passwords, that's good. But two extra dialog windows is not quite as seamless as I wish it'd be.