Thank you for taking the time to read my post. Please allow me to explain my situation...
My company has a client that recently upgraded their ArcGIS Portal from 10.3 to 10.4.1.
With this upgrade our client application no longer supports passive integrated windows authentication via oAuth.
Before the upgrade, our client application would passively authenticate the user via Integrated Windows Authentication by presenting the user with a "request for permission" webpage prompting them to "approve" the application against their integrated windows domain account.
Unfortunately ever since our client upgraded their portal from 10.3 to 10.4.1 this feature is no longer available.
The users of our client application that are pointing to the new portal are forced to enter their windows credentials rather than simply clicking a button. Due to the nature of the end users this has become quite a concern because of the fact that some of these end users do not remember their domain credentials and this leads to erroneous user operation.
I've been working with the ArcGIS Portal Administrator at our client's office on this issue and they're saying that something needs to be changed in our client application's code even though, it just worked automatically before the upgrade.
One difference they did mention was that the new portal (10.4) uses Kerberos and falls back to NTLM as a fail safe whereas the old portal (10.3) solely used NTLM. I'm not sure if this information is relevant but I figured it was worth sharing.
My colleagues and I are convinced there's a new setting in ArcGIS Portal 10.4 that needs to be enabled for Passive Integrated Windows Authentication to work with oAuth client applications but without the presence of an on-premise portal we're limited to the existing knowledge base of the forums.
I've attached 2 screen shots showing the authentication screen before and after the portal upgrade.
Any help is greatly appreciated. Thanks in advance.