Community

IdentityManager - no login screen displayed?

4045
7
Jump to solution
12-12-2012 11:04 AM
TracySchloss
by
Frequent Contributor
‎12-12-2012 11:04 AM
I am working through a basic IdentifyManager example.  I have modified the bare minimum, just enough to have my extent and my services.  When I run/debug this, it doesn't display a login. Is that because it doesn't really think my service is secure?  The older examples show the login in a contentpane, but I assume identitymanager is what is controlling the login that comes up?  How does it know what to put as the prompt?  Just from the name of the service you are trying to load?

I am using ArcGIS Server 10.1 SP5 and the security has been enabled and configured.  and the security has been enabled.  I have assigned a userID password to my service.  I can generate a token from the service directory, so I think the server is set up to generate a token.  I believe my proxy pages are configured and working.  I have my SSL in place on my server.  These are all things that I've seen that must be in place for this to work.

It doesn't have to be a featureservice does it?  I haven't seen that that is a requirement so far.  I am using a featureLayer instead.  
<!DOCTYPE html>  <html>  <head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>    <meta http-equiv="X-UA-Compatible" content="IE=7" />    <title>Persisting Identity Manager Info</title>    <link rel="stylesheet" href="https://community.esri.com//serverapi.arcgisonline.com/jsapi/arcgis/3.2/js/dojo/dijit/themes/tundra/tundra.css">    <link rel="stylesheet" href="https://community.esri.com//serverapi.arcgisonline.com/jsapi/arcgis/3.2/js/esri/css/esri.css" />    <style type="text/css">        html, body {          height: 98%; width: 99%;          margin:0;          padding-top:4px;          padding-left:4px;        }          #rightPanel{          width:140px;          border:2px solid #617798;          -webkit-border-top-right-radius: 4px;          -webkit-border-bottom-right-radius: 4px;          -moz-border-radius-topright: 4px;          -moz-border-radius-bottomright: 4px;          border-top-right-radius: 4px;          border-bottom-right-radius: 4px;        }          #mapCanvas{          border-top:2px solid #617798;          border-bottom:2px solid #617798;          border-left:2px solid #617798;          -webkit-border-top-left-radius: 4px;          -webkit-border-bottom-left-radius: 4px;          -moz-border-radius-topleft: 4px;          -moz-border-radius-bottomleft: 4px;          border-top-left-radius: 4px;          border-bottom-left-radius: 4px;          padding:0px;        }          .templatePicker{          height:80%;        }    </style>      <script>var dojoConfig = { parseOnLoad: true };</script>    <script src="//serverapi.arcgisonline.com/jsapi/arcgis/3.2/"></script>      <script type="text/javascript">      dojo.require("dijit.layout.BorderContainer");      dojo.require("dijit.layout.ContentPane");      dojo.require("esri.map");      dojo.require("esri.layers.FeatureLayer");      dojo.require("esri.IdentityManager");        var map, cred = "esri_jsapi_id_manager_data"; // cookie/local storage name        function init() {        // store credentials/serverInfos before the page unloads        dojo.addOnUnload(storeCredentials);        // look for credentials in local storage        loadCredentials();          esri.config.defaults.io.proxyUrl = "http://ogi.oa.mo.gov/proxy/proxy.ashx";    /*       map = new esri.Map("mapCanvas",{          extent: new esri.geometry.Extent({"xmin":-12080521,"ymin":4472736,"xmax":-11829657,"ymax":4563023,"spatialReference":{"wkid":3857}})        });  */  var spatialReference = new esri.SpatialReference({             wkid: 102100         });         startExtent = new esri.geometry.Extent(-10723197, 4186914, -9829190, 4992866, spatialReference);         map = new esri.Map("mapCanvas", {             extent: startExtent         });       dojo.connect(map, "onLoad", function() {          dojo.connect(dijit.byId('mapCanvas'), 'resize', map,map.resize);        });          var basemap = new esri.layers.ArcGISTiledMapServiceLayer("https://server.arcgisonline.com/ArcGIS/rest/services/World_Topo_Map/MapServer");        map.addLayer(basemap);        var countyLayer = new esri.layers.ArcGISDynamicMapServiceLayer("http://myserver.mo.gov/arcgis/rest/services/county_simple/MapServer");        map.addLayer(countyLayer);        var serverLayer = new esri.layers.FeatureLayer("https://myserver.mo.gov/ArcGIS/rest/services/myservice/MapServer/1",{          mode:esri.layers.FeatureLayer.MODE_ONDEMAND,          outFields:["*"]        });        map.addLayer(serverLayer);      }        function loadCredentials() {        var idJson, idObject;          if ( supports_local_storage() ) {          // read from local storage          idJson = window.localStorage.getItem(cred);        } else {          // read from a cookie          idJson = dojo.cookie(cred);        }          if ( idJson && idJson != "null" && idJson.length > 4) {          idObject = dojo.fromJson(idJson);          esri.id.initialize(idObject);        } else {           console.log("didn't find anything to load :(");        }      }        function storeCredentials() {        // make sure there are some credentials to persist        if ( esri.id.credentials.length === 0 ) {          return;        }          // serialize the ID manager state to a string        var idString = dojo.toJson(esri.id.toJson());        // store it client side        if ( supports_local_storage() ) {          // use local storage          window.localStorage.setItem(cred, idString);          // console.log("wrote to local storage");        } else {          // use a cookie          dojo.cookie(cred, idString, { expires: 1 });          // console.log("wrote a cookie :-/");        }      }        function supports_local_storage() {        try {          return "localStorage" in window && window["localStorage"] !== null;        } catch( e ) {          return false;        }      }      dojo.ready(init);    </script>  </head>    <body class="tundra">    <div data-dojo-type="dijit.layout.BorderContainer"         data-dojo-props="design:'headline',gutters:false"         style="position:relative;width:100%;height:100%;">     <div id="mapCanvas"          data-dojo-type="dijit.layout.ContentPane"          data-dojo-props="region:'center'">       </div>     <!--right content panel-->     <div id="rightPanel"          data-dojo-type="dijit.layout.ContentPane"          data-dojo-props="region:'right'">       <p>        This sample shows how to view a secure map service using token-based authentication. Use the following credentials        to test the application:</br> User Name: <b>rick</b></br>Password: <b>rick@esri</b>       </p>        <div id="content" style="height:100%;"></div>     </div>    </div>    </body>  </html>
0 Kudos
1 Solution

Accepted Solutions
JohnGravois
by
Frequent Contributor
‎12-13-2012 08:20 AM
a couple things...

1. i noticed in your sample code that both your proxy and countyLayer are referenced using HTTP instead of HTTPS.  i am under the impression that you need to use HTTPS across the board (including hosting for the app itself) when working with the identity manager.

2. the identity manager definitely "does its own thing" with regard to generating tokens.  the credentials/token which you might have stored in your proxy config would only be relevant if you were trying to hide enough information to grant access to end users automatically.

3.  the proxy referenced in your application will only be used when necessary to POST a request across domains, as you noticed in our sample app, because our sample server "servicesbeta" supports CORS, both Firefox and Chrome (which also support CORS) request a token and deliver content from the server without using the proxy at all.  it is included for IE specifically, which does not support CORS.

what specific problem are you encountering now?  are you seeing a prompt to login after correcting the Url of your service?  does it allow you to see the content?

View solution in original post

0 Kudos
7 Replies
TracySchloss
by
Frequent Contributor
‎12-12-2012 11:36 AM
I see I missed the folder my service was in, so my path was wrong.  I can answer my own question that "yes, if your service is invalid, you don't get a login".  It would be more user friendly to have some sort of error.

Is there something special that has to be in my proxy configuration?  I'm not getting an error "Unable to access the authentication service", but looking at Firebug it tells me I have an error in my proxy.ashx file.
0 Kudos
TracySchloss
by
Frequent Contributor
‎12-13-2012 06:47 AM
Has anyone been using IdentityManager successfully?  It looks like it's calling the generate token using the server name, even though I have explicitly set my tokenServiceUrl.  Is IdentifyManager just doing its own thing internally and ignoring this setting?  Or have I somehow messed it up in my proxy config?  Do I need to do something special with my proxy config in order to get this to work?

A few other threads mention the reverse proxy, which we are also using.  It's getting very confusing to have a conversation with the system staff, when we have two different things to configure, both called proxy!!!
0 Kudos
JohnGravois
by
Frequent Contributor
‎12-13-2012 08:20 AM
a couple things...

1. i noticed in your sample code that both your proxy and countyLayer are referenced using HTTP instead of HTTPS.  i am under the impression that you need to use HTTPS across the board (including hosting for the app itself) when working with the identity manager.

2. the identity manager definitely "does its own thing" with regard to generating tokens.  the credentials/token which you might have stored in your proxy config would only be relevant if you were trying to hide enough information to grant access to end users automatically.

3.  the proxy referenced in your application will only be used when necessary to POST a request across domains, as you noticed in our sample app, because our sample server "servicesbeta" supports CORS, both Firefox and Chrome (which also support CORS) request a token and deliver content from the server without using the proxy at all.  it is included for IE specifically, which does not support CORS.

what specific problem are you encountering now?  are you seeing a prompt to login after correcting the Url of your service?  does it allow you to see the content?
0 Kudos
TracySchloss
by
Frequent Contributor
‎12-13-2012 09:37 AM
I have tried http and https in my proxyUrl, so that doesn't seem to make a difference.  One of the threads I read made it sound like IdentityManager would generally resolve whatever paths it needed to follow.  But it didn't seem to hard to add some refrences to serverInfo after my proxyUrl
esri.config.defaults.io.proxyUrl = "https://ogitest.oa.mo.gov/proxy/proxy.ashx"; 
   var serverInfo = new esri.ServerInfo();
  serverInfo.server = 'https://ogi.oa.mo.gov';
  serverInfo.tokenServiceUrl = 'https://ogi.oa.mo.gov/arcgis/tokens/generateToken';


I wasn't sure if the ESRI base maps would all respond with https in the path.  The other internal layer should also be available as both http and https because I have it all set up that way in the reverse proxy etc.

What I am a little confused on is what needs to go in my proxy config file.  Do I also need references to the token directory?  The examples all show rest service directory paths, but wouldn't you need an entry for the token as well?
0 Kudos
JohnGravois
by
Frequent Contributor
‎12-13-2012 10:08 AM
most of our sample servers are configured to server over HTTPS as well.  just check in the browser to make sure.

as i mentioned before, nothing needs to go in your proxy at all except an item which puts your server in the list of machines which the proxy grants access to forward traffic from.

<serverUrl url="https://sampleserver6.arcgisonline.com/arcgis/rest/services/" 
               matchAll="true"></serverUrl>


you shouldn't need to instantiate and configure a serverInfo object or set any properties, the identity manager should be able to request and append tokens automatically when a secure resource is added to your application.
0 Kudos
RahulMetangale1
by
Occasional Contributor II
‎12-13-2012 10:58 PM
Tracy,

Please use following sample:
https://servicesbeta.esri.com/demos/jsapi-samples/widget_identitymanager/index.html

The sample that you are using is persisting identity manager which will store short lived token in cookie or local storage. generally this is valid for 60 mins so once you provide the credentials you will not have to provide them for next 60 mins.

I hope this helps.
0 Kudos
RobertBurke
by Esri Contributor
Esri Contributor
‎01-28-2016 08:11 AM

https://servicesbeta.esri.com/ArcGIS/rest/services/SanJuan/TrailConditions/FeatureServer/0

Looks like this service, used by the sample is no longer available.

0 Kudos