Esri/arcgis-maps-sdk-java-samples

"Integrated windows authentication" throws error when connecting with an IWA authenticated Portal for ArcGIS instance.

gayl0000 opened this issue · 3 comments

Add an IWA Portal (such as https://kghime.esri.com/portal or https://dev0004327.esri.com/portal) in the text box and click the button "Search IWA Secured Portal".
An error is thrown saying "Portal sign in failed".
See attached image "IWA_SampleApp_Error.JPG".

Note:
The same application works in ArcGIS Runtime SDK for .NET UWP.

I've found that this is because the sample is not designed to work with self-signed challenges. The code

    if (authenticationChallenge.getType() == AuthenticationChallenge.Type.USER_CREDENTIAL_CHALLENGE
        && authenticationChallenge.getRemoteResource() instanceof Portal) {

      // If challenge has been requested by a Portal and the Portal has been loaded, cancel the challenge
      // This is required as some layers have private portal items associated with them and we don't
      // want to auth against them
      if (((Portal) authenticationChallenge.getRemoteResource()).getLoadStatus() == LoadStatus.LOADED) {
        return new AuthenticationChallengeResponse(AuthenticationChallengeResponse.Action.CANCEL,
            authenticationChallenge);
      }

can be replaced with something like the following to allow this to work.

    // Returns a trusting response for every certificate; x509Certificates is never inspected
    AuthenticationManager.setSelfSignedCertificateListener(new SelfSignedCertificateListener() {

      @Override
      public SelfSignedResponse checkServerTrusted(X509Certificate[] x509Certificates, String s) {
        SelfSignedResponse response = new SelfSignedResponse(true, false);
        return response;
      }
    });

    // && binds tighter than ||, so a challenge from an UnknownRemoteResource matches whatever its type
    if ((authenticationChallenge.getType() == AuthenticationChallenge.Type.SELF_SIGNED_CHALLENGE ||
        authenticationChallenge.getType() == AuthenticationChallenge.Type.USER_CREDENTIAL_CHALLENGE)
        && (authenticationChallenge.getRemoteResource() instanceof Portal)
        || authenticationChallenge.getRemoteResource() instanceof UnknownRemoteResource) {

      // If challenge has been requested by a Portal and the Portal has been loaded, cancel the challenge
      // This is required as some layers have private portal items associated with them and we don't
      // want to auth against them
      if (authenticationChallenge.getRemoteResource() instanceof Portal
          && ((Portal) authenticationChallenge.getRemoteResource()).getLoadStatus() == LoadStatus.LOADED) {
        return new AuthenticationChallengeResponse(AuthenticationChallengeResponse.Action.CANCEL,
            authenticationChallenge);
      }
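
A narrower trust decision for the `checkServerTrusted` listener in the comment above, as an added example that is not part of the original thread or the Esri sample: the self-signed portal certificate is accepted only when its SHA-256 fingerprint matches a value pinned in advance. The class name, the `matchesPin` and `isTrusted` helpers and the pinned input are assumptions; only JDK classes are used, and the byte strings in `main` are constructed stand-ins for certificate bytes.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Set;

// Added example (hypothetical class): pin the portal's self-signed certificate by fingerprint.
public class PinnedCertificateCheck {

  private final Set<String> pinnedSha256; // lower-case hex SHA-256 of the DER-encoded certificate

  public PinnedCertificateCheck(Set<String> pinnedSha256) {
    this.pinnedSha256 = Set.copyOf(pinnedSha256);
  }

  static String sha256Hex(byte[] der) throws GeneralSecurityException {
    byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
    return String.format("%064x", new BigInteger(1, digest));
  }

  boolean matchesPin(byte[] der) throws GeneralSecurityException {
    return pinnedSha256.contains(sha256Hex(der));
  }

  // Trust decision for the chain handed to checkServerTrusted: fail closed on any error.
  public boolean isTrusted(X509Certificate[] chain) {
    if (chain == null || chain.length == 0) {
      return false;
    }
    try {
      chain[0].checkValidity();                 // reject expired or not-yet-valid certificates
      return matchesPin(chain[0].getEncoded()); // compare the leaf's fingerprint with the pins
    } catch (GeneralSecurityException e) {
      return false;
    }
  }

  public static void main(String[] args) throws GeneralSecurityException {
    // Constructed stand-ins for DER bytes; in practice the pin is recorded out of band.
    byte[] expected = "constructed-portal-certificate".getBytes(StandardCharsets.UTF_8);
    byte[] other = "constructed-unexpected-certificate".getBytes(StandardCharsets.UTF_8);
    PinnedCertificateCheck check = new PinnedCertificateCheck(Set.of(sha256Hex(expected)));
    System.out.println("expected cert trusted: " + check.matchesPin(expected));
    System.out.println("other cert trusted:    " + check.matchesPin(other));
    // Inside checkServerTrusted from the thread:
    //   return new SelfSignedResponse(check.isTrusted(x509Certificates), false);
  }
}
```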

Closing this issue to be handled internally.