Available with Workflow Manager license.
Web security can be set up for the ArcGIS Workflow Manager JavaScript Viewer using either Windows Authentication with IIS, Portal for ArcGIS Authentication or ArcGIS Server token authentication.
Set up security using Windows authentication with IIS
Follow these steps to set up your web security by using Windows Authentication.
- Enable Windows Authentication in IIS.
For details on how to enable Windows Authentication in IIS, see Windows Authentication.
- Ensure Anonymous Authentication is disabled for your website.
- In the JavaScript viewer folder, rename the web.config file to web-secure.config.
- Modify the deployed js/app/WorkflowManager/config/AppConfig.js file to use Windows Authentication.
- Set the Authentication mode to Windows (AuthenticationMode: "windows")
- Rename the file extension of index.html to index.aspx. This enables the file to be edited as a .NET file.
- Open the index.aspx file for editing.
- Enable the application to use the Windows Authenticated user.
- For repositories without domain authentication, remove '//' (uncomment) from the line var user = "<%= User.Identity.Name.Replace(MyDomain)\","") %>";
Replace 'MyDomain' to match your organization's domain.
- For domain authentication, remove '//' (uncomment) from the line var user = "<%= User.Identity.Name.Replace("\","*") %>";
- For repositories without domain authentication, remove '//' (uncomment) from the line var user = "<%= User.Identity.Name.Replace(MyDomain)\","") %>";
- Set up the application to use the Windows Authenticated user at startup.
- Remove '//' (uncomment) from the line Controller.startup( {user: user} );
- Put '//' (comment) in the line //Controller.startup();
Note:
Some web browsers automatically log users in. If not, enter the user login information and click OK.
Set up security using ArcGIS Portal authentication
Workflow Manager JavaScript viewer can be configured to use the Portal for ArcGIS authentication. Support for Portal authentication was added in ArcGIS Workflow Manager for Server at the 10.3.1 release. This configuration requires ArcGIS Server to be federated with an on-premise Portal for ArcGIS installation.
- Federate ArcGIS Server with Portal for ArcGIS using ArcGIS Web Adaptor.
For information on how to federate ArcGIS Server, see Federate an ArcGIS Server site with your portal.
- Install ArcGIS Workflow Manager for Server on the federated ArcGIS Server site and publish your Workflow Manager service.
For Portal for ArcGIS 10.5
In Portal for ArcGIS 10.5, the Workflow Manager JavaScript viewer can be deployed to a predefined location in the on premise Portal application directory. The application directory for the Workflow Manager web application already has a preregistered applied, so no additional web application registration is needed.
- Copy the contents of the Workflow Manager JavaScript viewer folder into the Portal installation directory: \ArcGIS\Portal\apps\workflow.
- Modify the deployed workflow/app/WorkflowManager/config/AppConfig.js file to use Portal for ArcGIS Authentication.
- Set the Authentication mode to Portal (AuthenticationMode: "portal")
- Update the Portal URL (PortalURL: "https://your-server/portal")
- Verify the Application ID is set to wmxweb.
- To access the JavaScript viewer:
- Log into Portal and search for ArcGIS Workflow Manager application.
- Access via https://your-server.domain/portal/apps/workflow.
For Portal for ArcGIS versions earlier than 10.5
The Workflow Manager JavaScript viewer will need to be manually added and registered as an application in Portal.
- Copy the contents of the Workflow Manager JavaScript viewer folder into the web folder of the HTTP server, either at the root or a subfolder. For example C:\Inetpub\wwwroot, C:\Inetpub\wwwroot\wmviewer, C:\Apache\htdocs, C:\Apache\htdocs\wmviewer.
- Add the JavaScript viewer as an item in Portal for ArcGIS.
For more information on how to add item to Portal for ArcGIS, see Add items.
- Register the JavaScript viewer with Portal for ArcGIS.
For more information on how to register your application with Portal for ArcGIS, see Register your app section of the Portal for ArcGIS topic Add items.
- In Portal for ArcGIS Application Settings, update App Registration and add the machine hosting the JavaScript viewer to the existing Redirect URIs. The redirect URI can be redirected to after users successfully login: https://[hostname].domain.
- Copy the Application ID of the registered JavaScript viewer.
- Modify the deployed js/app/WorkflowManager/config/AppConfig.js file to use Portal for ArcGIS Authentication.
- Set the Authentication mode to Portal (AuthenticationMode: "portal")
- Update the Portal URL (PortalURL: "https://your-server/portal")
- Update the Application ID of the registered JavaScript viewer. This is the same Application ID copied from step 5. The ID is set to your-application-id.
- To access the JavaScript viewer:
- Log into Portal and click on the Workflow Manager JavaScript viewer registered in Portal.
- Access directly by the application URL.
Use Token authentication
When using ArcGIS Server Token authentication with server built-in roles and users from the Windows domain, you need to provide the domain along with the username at the time of login to the viewer. This is irrespective of whether or not domains are enabled for use in Workflow Manager.