Generate Token: Expiration

10548
10
Jump to solution
12-13-2013 12:44 PM
ZachChristoff
New Contributor III
I requested a token to not expire for a year. I added the token to my proxy file, but it seems to only last for an hour before my token goes bad (expires?).

I must be doing something wrong? Here's the JSON response for a year expiration.

{
  "token": "<token>",
  "expires": 1386978021050,
  "ssl": true
}

P.S.  I'm using the token for accessing secured services under Portal federation.
Tags (2)
0 Kudos
1 Solution

Accepted Solutions
ZachChristoff
New Contributor III
ESRI tech support submitted this as a bug (NIM097840) in Portal. Basically, Portal's tokens are not honoring expiration's greater than 1 hour.

View solution in original post

0 Kudos
10 Replies
WilliamCraft
MVP Regular Contributor
I am pretty sure the request for a a 1-year token gets overridden by the Security Settings in ArcGIS Server Manager under the Security --> Tokens section.  Are you requesting the token via the tokens application such as https://servername/arcgis/tokens/ and setting the expiration to 1 year in the drop down menu?  While that might sound like the right approach (if this is indeed what you're doing), there's one more setting to configure in AGS Manager.  See the screenshot...

[ATTACH=CONFIG]29877[/ATTACH]

Change your Long-Lived Tokens value to 365 days and see what happens after an hour as a result after requesting a new token.  You can do this by clicking the small pen icon to the right of the section header.
0 Kudos
ZachChristoff
New Contributor III
That didn't seem to work... 😞

If I generate a token from https://myportal.somedomain.com/portal/sharing/GenerateToken  and set its expiration date to greater than 1 hour it always (and only) returns 1 hour. That's not right?
0 Kudos
WilliamCraft
MVP Regular Contributor
My mistake; I realize now that I'd provided you info on how to change the duration of tokens in ArcGIS for Server and not for Portal.  I apologize.  I can actually reproduce the issue you described.  That being said, I combed through the various configuration files on the file system for Portal and through the application itself.  I can't find anything specific to Portal for token duration.  You should probably contact Tech Support.
0 Kudos
ZachChristoff
New Contributor III
ESRI tech support submitted this as a bug (NIM097840) in Portal. Basically, Portal's tokens are not honoring expiration's greater than 1 hour.
0 Kudos
DamianoMorosi1
New Contributor II

Hi Zach,

I have a similar configuration on 10.3.1 (Portal and Web Adaptor with Windows authentication), with the duration of the token limited to half an hour, no matter what you specify inside the portal preferences.

Do you know if this bug applies also to this version? Is the proxy the only workaround solution to this issue?

Thanks

0 Kudos
DominiqueBerger
New Contributor II
ESRI tech support submitted this as a bug (NIM097840) in Portal. Basically, Portal's tokens are not honoring expiration's greater than 1 hour.


Hi Guys

Has anyone got a work around for this? I have been trying to set up a proxy that will dynamically generate the token so that I don't have to worry about the 1 hour expiry however I am not having much luck. This bug is really annoying!

Basically I have ArcGIS Server services that I use in an existing Flex application and I want to federate that server with my newly installed Portal (using Windows Authentication). However if I do that then that means when anyone goes to the flex site they get prompted to log on to view the services.

Any advice is greatly appreciated!

Thanks very much

Dominique
0 Kudos
ZachChristoff
New Contributor III
Dominique...

ESRI has a proxy site available on GitHub that has the latest and greatest builds. We were able to get the token generation working via Portal by ensuring all client requests go through the proxy. We also had to "tweak" the proxy a bit to get it to work within our environment (painful).

https://github.com/Esri/resource-proxy/

Note: One thing that held me up for days was making sure that the correct account had the correct permissions within Portal. We used impersonation within our proxy; therefore we needed to add that service account as a name user in Portal.

Best of luck!
0 Kudos
DominiqueBerger
New Contributor II
Dominique...

ESRI has a proxy site available on GitHub that has the latest and greatest builds. We were able to get the token generation working via Portal by ensuring all client requests go through the proxy. We also had to "tweak" the proxy a bit to get it to work within our environment (painful).

https://github.com/Esri/resource-proxy/

Note: One thing that held me up for days was making sure that the correct account had the correct permissions within Portal. We used impersonation within our proxy; therefore we needed to add that service account as a name user in Portal.

Best of luck!


Hi ZKristov

Thanks very much for your reply - I really hope I can this working! Do you dynamically generate the token by having the user name and passowrk in the proxy.config? If so would you be able to reply with a copy of it so I can see the set-up (of course you can block out any of the credentials :)) Obviously due to the bug I can't put a token in, which is what I have set up on another one of my extexternal ArcGIS server boxes, however I can't get the dynamiclly generated token proxy to work.

Thanks again and thanks for the tip about making sure I have the correct user account - I am sure this information will save me a few headaches 🙂

Dominique
0 Kudos
DominiqueBerger
New Contributor II
Hi ZKristov

Thanks very much for your reply - I really hope I can this working! Do you dynamically generate the token by having the user name and passowrk in the proxy.config? If so would you be able to reply with a copy of it so I can see the set-up (of course you can block out any of the credentials :)) Obviously due to the bug I can't put a token in, which is what I have set up on another one of my extexternal ArcGIS server boxes, however I can't get the dynamiclly generated token proxy to work.

Thanks again and thanks for the tip about making sure I have the correct user account - I am sure this information will save me a few headaches 🙂

Dominique



I all - just thought I would answer my own question. I managed to get this up and running so if you need an example of how to dynamically generate the token through a proxy my settings are below;

<ProxyConfig allowedReferers="*"
             mustMatch="false">
     <serverUrls>
        <serverUrl url="http://server:6080/arcgis/rest/services"
     username="username"
     password="password"
                   matchAll="true"/>
    </serverUrls>    
</ProxyConfig>

Thanks
Dominique
0 Kudos