Esri / storymap-series

The Story Map Series lets you present a series of maps via tabs, numbered bullets, or a side accordion.
Apache License 2.0

Proxy settings not available for authentication? #17

Closed upcamogie closed 8 years ago

upcamogie commented 8 years ago

It has come to my attention that there is no way to authenticate via proxy in this template and that there has been an enhancement (rather than bug) for this functionality. Do you have any other suggestions on how to work around this? This template is very useful but having to have everything shared with everyone on AGOL is not a good solution, nor is having a log in screen. Supposedly other story map templates have this ability-- any suggestions on what to use? (although I really like the tabbed theme & accordion) thanks

upcamogie commented 8 years ago

After reading a closed thread this may be considered not the right place to ask.....but from what I have been told from support that all other story map apps & other apps support full proxy use yet this one was not designed to do so....which does not make sense to me but may be the reason an enhancement & not a bug was logged.

glazou commented 8 years ago

Thanks for the feedback. I am not really sure I understand what your issue is, so I will talk about multiple scenarios; let me know if I'm off. First, we have little documentation about this at https://github.com/Esri/map-series-storytelling-template-js/#can-i-use-private-web-map-or-layer

Map Series should support the exact same pattern as other Story Maps and ArcGIS Online apps when it comes to security/authentication via proxy.

By default, Map Series created in ArcGIS Online are private. If you want to share it only with members of your ArcGIS Online Organization, you can do this through the builder share dialog. If you want to share with a specific group, you have to go to the item page (this is not very popular in StoryMaps but one day we will include it in apps). So when you are in Online you should have no problem with security. Same if you are on Portal for ArcGIS.

If you are using ArcGIS Online and trying to share subscriber or premium content, since our recent release two weeks ago, the share dialog will create the necessary proxy in the background for you. If this is your issue, also see that blog post that was describing the previous workflow: http://blogs.esri.com/esri/arcgis/2015/07/17/using-subscriber-content-in-web-apps/ ; these features are going to be added to Portal 10.4.

When you download and install the application on your own server, if you just do the basic configuration (paste the appid), the app will display the sign in dialog when a resource is secured. If you don't want to see that screen and proxy the private resources, you have two options:

upcamogie commented 8 years ago

Thank you for the response. I will review these suggestions but I have tried to apply the proxy with the limited amount of user documentation that exists- glad you realize your documentation is lacking. I am going by what I was told about this inability to secure, see ENH-000092603.

I hope I am proven wrong and that I can accomplish what I need to do with your suggestions and simple customization. My only customization is the addition of proxy rules which is why I am using the download ZIP from the 'instructions' section rather than at the top of the page (they are different, FYI). If AGOL did not direct people to download from Github but from the Story Maps page, I wouldn't be here, but glad I am since I need help! :)

upcamogie commented 8 years ago

These are all the same things I tried previously before contacting support- and I could still not get authentication to work via proxy in this story map template.

glazou commented 8 years ago

What error do you get?

Adding the following code

require(["esri/urlUtils"], function(urlUtils) {   
  urlUtils.addProxyRule({  
   urlPrefix: "http://services.arcgis.com/",  
   proxyUrl: "my-web-server.com/proxy"  
  });  
});  

In index.html, like this works for me


upcamogie commented 8 years ago

I just had the chance to try this again-- no go. I get a 400 error "invalid redirect URI" and it goes to the arcgis.com instead of my org.maps.arcgis.com page. No reference to proxy in network traffic that I can see. If I take out my AppId on the oAuthAppId line in index.html, I get a log in screen that references my organization. If I put the user/pass in the log in dialog, I can then see traffic going thru the proxy (but not if I do not enter credentials). But I still cannot bypass the log in screen.

glazou commented 8 years ago

Ok so the proxy url is working but you have an oAuth configuration issue. Your redirect URL must not be correct. Did you specify the correct protocol when entering the URL? see step 2 of https://developers.arcgis.com/authentication/browser-based-user-logins/

upcamogie commented 8 years ago

that may be possible. my oauth app is a generic one that I was instructed to use for my non shared webmaps per support and was told it would work for all of my apps. there are no redirects set as my other apps do not appear to need it, I was not instructed to use one. reading the documentation leads me to believe I should put in the URL to my hosted location for the app, is this correct? so for example, my app is mymap.com and then I add that as the URI as well? I can try that and also register this app with its own client ID and secret and add that info to my proxy.

sorry for all these basic questions but I am not a developer but need to add this basic info of proxy settings to my apps, obviously with a lot of handholding in absence of documentation. it is hard to do 'customization lite' even though it seems a few tweaks gets people a long way without knowing how to develop a whole new custom app. thanks

glazou commented 8 years ago

You are welcome. As far as I know you always need a redirect URL when using oAuth.

Enter something like this 'http://mymap.com' (you don't need to enter the full address like 'http://mymap.com/app/index.html' but you absolutely need to specify 'http://' at the beginning).

If you are over 'https://', you need to use 'https://mymap.com'. If you are not sure, or use both protocols, enter two redirect URLs.

upcamogie commented 8 years ago

getting closer perhaps. I do not have the generic portal looking page but go to a page that states "App Authentication (name of my app) wants to access your ArcGIS Online account information" and the log in area and the name of my org on the side. I still see no references to the proxy in the network traffic but it must be going there since the oauth app is getting referenced.

I can try more things on Monday if you have suggestions. I will say that once I do log in w/credentials my story map appears, yet the actual web maps on the pages do not (message "Something went wrong, the map did not load correctly") but I will tackle that problem after I get the log in screen to go away.

glazou commented 8 years ago

Ok, I suggest you separate proxy and oAuth. If you use oAuth you may not need a proxy if your services are hosted in Online.

If the layer does not load you may need proxy. For your test you could start with an app and a webmap that is public and try to apply proxy rules. Then add oAuth.

upcamogie commented 8 years ago

Looks like I know what I will be doing Monday- thanks. I will report back with my findings.

upcamogie commented 8 years ago

Could not get past first step. story map with one web page as my public image and the story map private. Did not work- get the "App Authentication wants to access your ArcGIS Online account information" information. Only difference is if I don't have the appId in my index.html, I get a log in box, otherwise it's the AGOL log in page with the above message. Does not look like anything is being passed (oauth or proxy).

Do you know anything about the enhancement I referenced in an earlier post? ENH-000092603

glazou commented 8 years ago

Sorry to hear. I got access to ENH-000092603; as I understand it, what is requested is to make it possible to add proxy rules through configuration instead of by code, like I described at https://github.com/Esri/map-series-storytelling-template-js/issues/17#issuecomment-161437878. So this should not fix your issue.

At this point, your best way forward may be to work with support. They have more resources than me to help you. But a couple of ideas:

upcamogie commented 8 years ago

Thank you for the response. I don't care how I can add proxy rules- code or config-- I just need it to work one way or another and not wait until someone decides this 'enhancement' is worth tackling.

I am happy to work with support but thought I would try here since so far I have talked to 2 people and there is still no word on when/who will ultimately assist me.

To answer your questions:

I had gotten the 'unauthorised redirect URI' in the past before I added it to my oAuth app.

Hope this helps explain what I can possibly test until I get a response from support. They are supposedly 'dedicating additional resources' which is great if those resources contact me & resolve this in a timely manner. My last proxy issue took weeks so that is why I am trying all angles to get something to work. Thanks again

glazou commented 8 years ago

Sorry, I am sure this can be frustrating. I suggest you send this thread to support; all these experiments we have been doing should help them diagnose your issue further.

iwittenmyer commented 8 years ago

I don't think that enhancement will be addressed because it seems to already be possible to accomplish this task. Here is the set up for my test case which seems to be working:

Resources:
• A secure service on this server: http://utility.arcgis.com
  o This service was added as an item with credentials saved, shared with the org, and added to my map
• A map and map series app created through builder shared with my org on http://www.arcgis.com
• Downloaded and hosted map series on my server which references the three resources above via the appid: http://myserver.esri.com/MapSeries/index.html
  o This map series app was added as an item, shared with my org, and registered to obtain appid/appsecret (i.e. clientId/clientSecret) for use in the proxy. redirect uri's to http://myserver.esri.com and https://myserver.esri.com
• Proxy on my server: http://myserver.esri.com/DotNet/proxy.ashx

Config:
• Downloaded map series:
  o add appid of map series created from builder above to index.html for the ‘appid’ option.
  o Add proxy rules (I did it at line 269) for the server that hosts the secured service and arcgis.com like this:

require(["esri/urlUtils"], function(urlUtils) {
  // Route requests for the secured service through the proxy
  urlUtils.addProxyRule({
    urlPrefix: "http://utility.arcgis.com",
    proxyUrl: "http://myserver.esri.com/DotNet/proxy.ashx"
  });
  // Route requests for arcgis.com item content through the same proxy
  urlUtils.addProxyRule({
    urlPrefix: "http://www.arcgis.com/sharing/content",
    proxyUrl: "http://myserver.esri.com/DotNet/proxy.ashx"
  });
});

• Proxy: add the server and arcgis.com to my proxy like this:

<?xml version="1.0" encoding="utf-8" ?>
<ProxyConfig allowedReferers="*"
             mustMatch="true">
    <serverUrls>
        <serverUrl url="http://utility.arcgis.com"
                   matchAll="true"/>

        <serverUrl url="http://www.arcgis.com/"
                   clientId="xxxxxxxx"
                   clientSecret="xxxxxxxxxxxx"
                   matchAll="true"/>
    </serverUrls>
</ProxyConfig>
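
A check for the proxy configuration posted above, as an added example that is not part of the original comment or of Esri's proxy code: it flags a wildcard allowedReferers on a proxy that holds credentials (pages on any site could then fetch the secured content through it) and credentials attached to a plain-HTTP upstream. The rule names, the hardened variant and the sample strings are constructed for illustration, and the handling of missing attributes is a conservative assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the configuration posted above (secrets are placeholders).
POSTED = """<ProxyConfig allowedReferers="*" mustMatch="true">
  <serverUrls>
    <serverUrl url="http://utility.arcgis.com" matchAll="true"/>
    <serverUrl url="http://www.arcgis.com/" clientId="xxxxxxxx"
               clientSecret="xxxxxxxxxxxx" matchAll="true"/>
  </serverUrls>
</ProxyConfig>"""

# Constructed hardened variant: referers pinned to the hosted app, HTTPS upstreams.
HARDENED = POSTED.replace(
    'allowedReferers="*"', 'allowedReferers="https://myserver.esri.com/MapSeries"'
).replace("http://", "https://")

CRED_ATTRS = ("clientId", "clientSecret", "username", "password")


def audit(xml_text):
    """Return (rule_id, detail) findings; rule ids are names made up for this example."""
    root = ET.fromstring(xml_text)
    servers = root.findall("./serverUrls/serverUrl")
    with_creds = [s for s in servers if any(s.get(a) for a in CRED_ATTRS)]
    findings = []

    # A missing attribute is treated as the wildcard (conservative assumption).
    referers = [r.strip() for r in (root.get("allowedReferers") or "*").split(",")]
    if "*" in referers and with_creds:
        urls = ", ".join(s.get("url", "") for s in with_creds)
        findings.append(("open-referer-with-credentials",
                         f"any referring page can use the stored credentials for: {urls}"))

    if (root.get("mustMatch") or "").lower() != "true":
        findings.append(("must-match-disabled", "proxy will forward to unlisted hosts"))

    for s in with_creds:
        if s.get("url", "").lower().startswith("http://"):
            findings.append(("credentials-over-http",
                             f"token for {s.get('url')} can travel in cleartext"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The Referer header is set by the browser and can be forged by other clients, so pinning allowedReferers narrows browser-based misuse of the proxy rather than authenticating callers.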

upcamogie commented 8 years ago

Thanks- I also just got notice from my support analyst that they figured it out. I try both solutions, the one you posted here and that one (they look pretty much the same but I didn't formally compare).

The issue for me anyway is that I am not a developer so I enlist support when I need some help. Much of the time several people at Esri have different answers to issues and that is frustrating to me. If there was better documentation on how to add simple things that have wide useful potential-- such as being able to share secure content- I may not be as much of a pain in the ass, ha. Thanks again

upcamogie commented 8 years ago

know it is marked closed now, but support still has not solved my issue.....