ArcGIS Online Trusted Servers with HTTP Basic Auth

5075
4
01-12-2016 08:38 AM
KarelVondracek
New Contributor II

We have a Feature Service secured with HTTP Basic Auth (Web-Tier authentication) and we need to publish this service in ArcGIS Online for editing. The service is accesible via SSL with valid certificate. But here comes the trouble...

1) When adding the service to the map, ArcGIS Online asks for credentials and displays the service correctly. Unfortunatelly at the same time we get an error stating that the service is not accessible for ArcGIS.com application and cannot be edited. Looking into the communication I've found the problem is caused by ArcGIS Online using a proxy which cannot access our service http://organization.maps.arcgis.com/sharing/proxy?https://ourservice. Fiddler says it returns the http 502 error - Bad Gateway.

2) According to the documentation (Configure security settings—ArcGIS Online Help | ArcGIS ), this is expected behavior and Trusted Servers setting should be used to achieve this. AGOL is supposed to store credentials for those servers and pass them through the proxy, am I right? But when we add our domain to the trusted servers list, ArcGIS Online stops asking for credentials at all and we cannot even add the service to the map. AGOL only says the service cannot be added with no additional details.

We have CORS enabled on the server (it returns Access-Control-Allow-Origin: organization.maps.arcgis.com) and we've tried Chrome and IE 11, but with no luck. Is there something else that needs to be configured?

0 Kudos
4 Replies
ChrisWhitmore
Esri Regular Contributor

Hi Karel,

It sounds like you're going through the correct steps to edit your web tier secured service. It would be best to contact Technical Support - they'll be able to troubleshoot.

Thanks,

Chris

0 Kudos
AlexEvett
New Contributor II

Were you able to resolve this issue?

0 Kudos
KarelVondracek
New Contributor II

Hello Alex,

we've solved it only halfway. We are now able to add feature layer to a map for editing. There is still this problem with ArcGIS Online calling sharing/proxy (returns 502 error), but the map doesn't seem to care and works fine with the layer. It was a long process of debuging, but from what I can recall, the most important part was to handle the HTTP headers correctly. There must be two-way trust set up for ArcGIS Online and the map service server, which must return:

  1. Access-Control-Allow-Credentials:true
  2. Access-Control-Allow-Origin:http://org_name.maps.arcgis.com

What remains unsolved is the possibility to add the layer to "My content" section (Add Item from Web). ArcGIS Online still expects the layer to have token authentication and pops up the OAuth credentials form instead of asking for basic auth.

AlexEvett
New Contributor II

Thank you for taking your time to reply.

0 Kudos