ArcGIS Enterprise Logins with web tier auth (IWA/PKI)

EsriPS / arcgis-assistant-feedback

A Swiss Army Knife for ArcGIS.

https://assistant.esri-ps.com

29 stars 2 forks source link

ArcGIS Enterprise Logins with web tier auth (IWA/PKI) #40

Open jpeterson opened 2 years ago

jpeterson commented 2 years ago

Discussed in https://github.com/EsriPS/arcgis-assistant-feedback/discussions/38

^{Originally posted by **mgress12** January 14, 2022} Does this app support enterprise portals configured with IWA/single sign on? The old ArcGIS online assistant had an option to login with IWA. I've added and registered the app to Portal. Double checked the redirect URI but not having luck connecting. I get a prompt for an approval that finds my credentials in Portal. After approving I'm returned to ArcGIS Assistant with only the top menu bar visible and the rest of the screen is grayed out. Here are the registered app settings: ![App_Reg_Info](https://user-images.githubusercontent.com/77856661/149581222-4ef2d65a-ef8d-4ea4-bc49-2538ce591c6d.PNG) Thanks! Matt

mdlong commented 2 years ago

+1 on this feature. I am unable to use this tool with my Portal until web tier auth is added.

joeyHarig commented 2 years ago

@nheminger Are there any updates on this enhancement request? I need PKI login support for a project, so I'm willing to take on any remaining dev work.

nheminger commented 2 years ago

@joeyHarig No updates recently. I have an initial prototype of the changes that will need to be made in the background but don't have any frontend GUI changes made yet. I can send over what I have so far and go over it with you.

joeyHarig commented 2 years ago

@nheminger That would be great! Do you have a branch with your changes?

bchileen commented 1 year ago

+1 on this feature as well, I would love to use this app but until PKI login is supported, im unable to link to my portals.

ftm610 commented 1 year ago

+1 @jpeterson @nheminger when will IWA Portals be supported?

Same behavior with Portal 10.9.1 as described by OP. No success adding website to Portal's Allowed Origins list or adding website as registered application item to Portal's App Launcher.

We also see this console log error reported by others... accountManagerUtils.js:241 Error getting User Session (completeOAuth). Error reading property may result from app redirecting before operation can read token hash in url. Error: Could not create account object. This could be due to UserSession.getUser(). TypeError: Failed to fetch

This Portal can authenticate successfully with the old AGO Assistant site using both "PKI or IWA Login" and "OAuth Login" options.

JPStupfel commented 3 months ago

I can verify this is still an issue even after the Rest JS update.

To repro I attempt to authenticate to https://jctest1.esri.com/ which uses IWA. I am redirected to the log in page and not authenticated.

On the contrary, if I authenticate using jctest4 I am successful.