Web-tier authentication

Limitations of web-tier authentication

Web AppBuilder (developer edition) running on Safari on Windows does not support web-tier authentication.

Best practices

Keep the following in mind when working with web-tier authentication:

• In your app's config.json file, if the portalUrl property points to a portal using web-tier authentication, set the isWebTier property to true.
• If your widgets use resources from a portal or server with web-tier authentication, put the host server domain—with an existing port number if available—into the authorizedCrossOriginDomains array in your app's config.json file. For example, if the Query widget uses the REST services from an IWA-authenticated server and the URL is https://serveriwa.ags.esri.com/gis/rest/services/Test/MapServer, add serveriwa.ags.esri.com to the authorizedCrossOriginDomains array. If the URL is https://serveriwa.ags.esri.com:6443/arcgis/rest/services/Test/MapServer, add serveriwa.ags.esri.com:6443 to the authorizedCrossOriginDomains array.
• At run time, if you programmatically access resources from a portal or server with web-tier authentication, call the addWithCredentialDomain method to add a single domain or the addAuthorizedCrossOriginDomains method to add multiple domains from the tokenUtils module in the jimu folder.
• To work with ArcGIS Enterprise seamlessly, apply an SSL certificate for your ArcGIS Enterprise portal regardless of whether it's web-tier authenticated. Don't use a self-signed certificate, as it is easily blocked by the browser. Instead, apply a domain certificate or a worldwide certificate if you can.