Unable to sign out of FieldMaps - SAML & Android.

VickyS · ‎03-31-2023

Hi

Has anyone else had issues signing out of Field Maps with SAML authentication enabled in ArcGIS Enterprise? I can sign in and sign out but then if I tap 'sign in' again I am logged straight back in without being prompted for my credentials. Essentially we cannot switch users.

We have just installed ArcGIS Enterprise 11.0 and set up SAML authentication. FieldMaps on Android is not letting users sign out unless we clear the cookies from the browser. We are using Android 11 and FieldMaps 23.1.1. It works on iOS devices.

@ColinLawrence - Have you come across this before? It would be useful to know if it is a bug or a issue with our system set up.

Thank you

ColinLawrence · ‎03-31-2023

Hi @VickyS ,

This is a known issue that you are running into. The workaround is to clear your browser cache as you have already discovered. There is a Support bug logged for Collector (BUG-000133948) but not for Field Maps although its the same underlying issue. You could call Support and get attached to the existing bug or have them create a new one for Field Maps to track the status. We are still looking into a way around this one.

Regards,
Colin

VickyS · ‎11-07-2023

Hi @ColinLawrence, do you have an update on this? The work around is not practical for field workers and the work around fail more often than not.

Thank you

ColinLawrence · ‎11-07-2023

Hey @VickyS it looks like no real progress has been made but I raised this as a concern so hopefully the team can re-evaluate. Thank you

Regards,
Colin

AnthonyJonesRSK · ‎11-28-2023

Hi Colin, can this be escalated please? We have just adopted SSO and have just discovered this issue. It appears to occur even if the user declines for their credentials to be remembered. I find it pretty incredible that this has been an issue in Field Maps since 2021 and hasn't yet been resolved as it's quite a security risk, allowing users to access the accounts of others if they share a tablet, particularly if they've not consented to their credentials being stored in the browser.

Is it worth me raising a ticket myself on this to try and add some weight to the urgency for a fix?

Thanks

Anthony

RichardHowe · ‎11-28-2023

Adding weight to this request. ESRI potentially breaching GDPR regs here?

ColinLawrence · ‎11-28-2023

Can you please reach out to Tech Support and ask for this bug to be escalated (BUG-000133948)? That would be the official way to have it escalated. I had recently updated the bug to point to Field Maps instead of Collector.

Regards,
Colin

VickyS · ‎11-30-2023

@ColinLawrence The bug need updating to read Android as well. I have contacted ESRI UK support team to escalate it I but just get sent the link to the bug page.

ColinLawrence · ‎11-30-2023

Hi @VickyS the title should already mention Android and it is logged under Field Maps Android bugs. Or are you referring to something else?

Regards,
Colin

AnthonyJonesRSK · ‎01-19-2024

Hi Colin,

Just wondered if this is actively being looked into? I also raised this with Esri UK and was just informed that as it is already logged as a bug then there was nothing they could do. Is there potential for it to be escalated from its current "Medium" severity?

There is the potential scenario for us now that users will be able to access data they shouldn't have access to because they will find themselves logged into someone else's account by accident. This is a big problem for us when some clients ask us to sign confidentiality agreements. It also undermines the whole point of having data sectioned off in groups for different users.

The issue was originally raised in October 2020, I am genuinely baffled as to why this is not a higher priority for a company that considers data security paramount. Any update on this would be very much appreciated.

Thanks

Anthony