Skip to main content

SSO with Vertigis Studio Web viewer

Joël Hempenius

When our users open a Vertigis Studio Web viewer application (on premise) they get another popup requesting them to sign in, even when the're already signed in in Portal.

A couple of users complained that this popup window doesn't come to the front when using Edge. This is probably some issue with their laptop and has nothing to do with the Vertigis application for sure, but it got me thinking that there should be a way to get rid of this authentication popup and create a single sign on experience.

To start with, I made the following observations:

  • The Vertigis Studio designer is registered in the App launcher of Portal for ArcGIS
  • The Vertigis Studio designer doesn't present me an authentication popup when I launch the designer from the app launcher
  • The Vertigis studio designer and viewer webapplication share the same appid
  • The Esri documentation states that: For web apps added to the app launcher, members will not see a Request for Permission prompt when they access the app.
    Manage apps in the app launcher—Portal for ArcGIS | Documentation for ArcGIS Enterprise

Based on the above, I thought that if I could add the Vertigis Webviewer as an application to the launcher as well, I could get the same behaviour. To achieve this I did the following steps:

  1. Registered https://my.domain/Geocortex/WebViewer/ as an webapplication in my portal
  2. I generated the oauth information on this new app, with redirect url to https://my.domain/Geocortex/WebViewer/ 
  3. I added the application to the App launcher in Portal
  4. I changed the portal.json configuration file on my webserver in /Geocortex Web Viewer/Deployment/auth to have this new appId instead of the Designer app id
  5. I created a gallery with multiple Vertigis Webviewer applications as content
  6. I created a new homescreen, added a gallery row and configured the gallery from step 5

Now when I navigate to the homescreen, Sign in on Portal and then click one of the items in the gallery, the second authentication popup doesn't show (other places it still does). So I think i achieved what I wanted.

I had to make a change to the portal.json configuration file, to give the viewer application a new appId, which differs from the designer appId. Is this safe to do? 

0

Comments

3 comments

Date Votes
  • Bart Middelburg

    Hi Joël, 

    Thanks for sharing the insight that apps added to the app launcher, members will not see a Request for Permission prompt. I didn't know that. In my case adding the item used for managing the authorisation (defined in the post installer(s)) for the module Viewer to the app launcher did the trick already, did not need to change any configuration server side. 

    0
  • Joël Hempenius

    Doesn't that break the authentication on the designer and / or the publishing workflows when using Print or Reporting? We struggled a lot with print and reporting until we configured all three using the same appid in the post installers. 

    0
  • Bart Middelburg

    You can add the application that handles authentication for multiple modules to the app launcher. So that shouldn't make a difference I think.

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post