Hi there!
I do not think it is 'distrustful' certs due to the following: (but not 100% sure yet...)
I can manually log into a 'distrusted' tab to arcgis server, obtain token, then the web application builder sees the secure services when accessing external. the cert is only a validation, you can still allow the browser to continue. I am not worried about that part or concerned.
so, since the browser obtained the token from arcgis server, the WEB MAP in portal works as expected... allowing the Identity dialog to appear because of the secure mapping service.
the Web APP does NOT! (note the difference, web MAP and web APP)
This is all BEFORE even downloading the 'code' from portal of the web APP to add to IIS.
This works: I CAN add ActiveDirectory users to the ArcGIS Server using 'windows authentication', then enable windows Auth in IIS, then rather than the pretty dialog, it uses the browser sign in popup... but IT really didnt like creating Users for the server itself, when it could be contained in ArcGIS Server alone (built-in).
I am in the process of applying for a EV Cert (which is a pain I must say...)
JavaScript API talks about this here: ags_secureservices.html | Guide | ArcGIS API for JavaScript
'To use the Identity Manager simply add the esri/IdentityManager module to your application.' Is this missing from web app builder?
OR... am i just missing 'something'
I cant be the only one adding secure services to a WAB application, extracting and adding to IIS.
Note: I DO NOT want to use Portal OAuth to mitigate.
The attachment is a WEB MAP, external, using 'distrustful'... and there it is! Exactly what I want and expect ... but never shows up in Web App Builder... web app builder has Empty Layer list and never challenges. Thus, the application put in IIS also has empty layer list.
No proxy.
What is Interesting is that I am not able to add a secure service to ArcGIS Online Web Map either, unless i obtain the token from ArcGIS Server in a separate tab (so the browser now has it... at which point I would get the prompt as seen above in Online Web Map but the credentials would fail.
what does this mean?
should I not have 6443 https enabled on server? Not through web adaptor 443?
the mandate is to have https all around. Perhaps it IS the cert...
Fiddler is not offering much for troubleshooting...