To clarify, currently we have:
- Non-ESRI web application has its own authentication process for users.
- A public WAB app (Developer edition) consumes secured feature service via proxy.
- The non-ESRI web application opens the WAB app without authentication challenge.
What is needed/desired:
- Secure the WAB app and feature services.
- Un-share/secure the WAB app.
- Authenticate WAB app and services from the non-ESRI application (without challenge).
I'm attempting to piece together the correct items for securing both a Web AppBuilder App (Developer version) hosted on our domain, and the secured feature services it consumes (currently accessed via proxy page).
I've read thru much of the documentation on this and still unclear how to actually secure an entire WAB application (public) that doesn't challenge the user for credentials. In our instance, we want another secured web application (non ESRI) that opens/launches the WAB and I need to find a way for that application to generate a token (or some security model) and provide it to the WAB to then be opened. Any other type of access should be prohibited.
Thanks for any insight.