Identity Manager events, secured services, and customizing the user experience

Discussion created by ytorrey on Aug 5, 2013
Hi everyone! The system we're building has a problem, and I'm looking for a creative solution. I've perused all the discussions involving the Identity Manager in this forum (and a couple others), but have yet to find rescue. Please post any ideas you may have, especially if you've found your way around this particular issue! Thanks in advance :)

Ideal behavior of our system:
We want the user to be prompted once for their credentials, and prompted again only if the credentials are invalid. However, we do NOT want to alert the user if their credentials are valid, but do not gain him access to a secured service. The way we are attempting to accomplish this is to wait for the onDialogCreate event, make the dialog invisible, wait a few milliseconds, inspect the message, then cancel out of the dialog if it contains the string "valid, but". If the message doesn't contain our string, we assume it is important that the user interact with the dialog, so we make it visible at that point. When the document unloads, we store the user's credentials into their local storage to use on subsequent visits.

Scenarios in which our system fails:
1) When the user decides to log in, we add two secured layers to the map at once. The user is presented with the dialog, so he inputs credentials that successfully give him access to the first service, but then the dialog returns when the credentials fail to gain access to the second secured service. When this dialog returns, it does not seem to trigger an onDialogCreate event, and therefore is never made invisible as is desired. Ideally, he would never see the second dialog, it would cancel itself, and he would be unaware of services he couldn't access.

2) A different user logs in with credentials that exist in the user store, but does not have access to either secured service. When she returns to the site the second time, we load her credentials from her local storage, and attempt to add both secured services. The onDialogCreate function is fired for the first service, which successfully cancels the dialog and never unhides it. The second service then brings up the dialog, but does not trigger the onDialogCreate event. However, since it's still invisible and steals the focus, the user can no longer use the map. Ideally this second dialog would also be cancelled, and she would be unaware that there are services that she could not access.

Possible solutions - Thinking out loud:
1) Upon log in, we could add just one secured layer to the map that anyone with valid credentials can access. We could wait for the onLoad event of this layer, store the user's credentials to their local storage, then add our supplementary secured services after this point. In this case, the dialog should only come up if their credentials do not have access to more than one secured layer, which only gets us around the first scenario described above.

2) Maybe we could introduce a loading time in between each of the secured layers being added, instead of adding them all at once. It is possible that if we wait long enough between secured services, the second and third layers being added will trigger onDialogCreate every time. However, it is also possible that if the user waits longer than our code waits, it will act as if multiple services are being added at once anyway. Perhaps we could get around this by waiting for the user to identify themselves for the first layer before adding the next, and so on. This may not be possible without an onDialogSubmit or onDialogSuccess event, though.

3) Is there some way that we can destroy the dialog upon submitting it? This way, it has to be created again in order to attempt (and fail) at accessing the second or third secured service (which the user does not have access to), and will hopefully trigger the onDialogCreate event every time, solving our problem.

4) In Chrome's console, I can see that 403 errors are popping up immediately from the ArcGIS Javascript API every time the dialog presents itself to the user with an error message, regardless of whether the onDialogCreate event was triggered. Attempting to listen to the onError event using dojo, however, did not let me execute any code until after the user had closed the dialog. If I could somehow execute code the moment that 403 error comes up, I could hide/inspect the dialog at that point.