Security Configuration ArcGIS Portal or ArcGIS Online Authentication - Esri/geoportal-server-harvester GitHub Wiki

Configure Harvester to use ArcGIS Portal/ Online Authentication

1. Add Harvester app in ArcGIS Enterprise / Online for oAuth Login

    ArcGIS Portal

      https://doc.arcgis.com/en/arcgis-online/manage-data/add-app-url.htm#REG_APP
      Follow the steps in section - Add and register an app with embedded OAuth 2.0 credentials

      1. For Redirect URI, add http://servername:8080/harvester/login/oauth2/code/arcgis
      2. Application Environment - default selection 
      3. URL - http://servername:8080/harvester
      4. Leave remaining settings as default.
      5. Fill title on last page and Save.
      6. Note the Client ID and Client Secret from Settings tab.

   ArcGIS Online

   https://doc.arcgis.com/en/arcgis-online/manage-data/add-app-url.htm#REG_APP
   Follow the steps in section - Add and register an app with embedded OAuth 2.0 credentials

   1. For Redirect URI, add http://servername:8080/harvester/login/oauth2/code/arcgis
   2. For Referrer URLs, http://servername:8080/harvester
   3. Application Environment - default selection 
   4. URL - Leave empty
   5. Leave remaining settings as default.
   6. Fill title on last page and Save.
   7. Note the Client ID and Client Secret from Settings tab.

2. Uncomment the following line in hrv-context.xml to use app-security-arcgis.xml for authentication

  <!-- <import resource="app-security.xml" /> -->
   <import resource="app-security-arcgis.xml" />
Make sure that only one line (app-security-arcgis.xml) is uncommented. 

3. Update app-security-arcgis.xml

Client Registration settings

This section defines the settings for Client Registration

- Update client-id, client-secret noted from Step 1
- Update servername in redirect-uri 

<client-registration registration-id="arcgis"
   client-authentication-method="post"
   client-id=""
   client-secret=""							 
   authorization-grant-type="authorization_code" 
   redirect-uri="http://servername:8080/harvester/login/oauth2/code/arcgis"  
   client-name="ArcGIS"                                                     
   provider-id="arcgis"                                     
/>

Provider settings

ArcGIS Portal

- Replace portal_hostname with ArcGIS Portal hostname
- Replace portal_webadaptorname with  ArcGIS Portal webadaptor name

<provider provider-id="arcgis"                               
	  authorization-uri="https://portal_hostname/portal_webadaptorname/sharing/rest/oauth2/authorize"
	  token-uri="https://portal_hostname/portal_webadaptorname/sharing/rest/oauth2/token?f=json"
	  user-info-uri="https://portal_hostname/portal_webadaptorname/sharing/rest/community/users"
	  user-info-user-name-attribute="username"                             
/>

ArcGIS Online

  <provider provider-id="arcgis"                               
        authorization-uri="https://www.arcgis.com/sharing/rest/oauth2/authorize"
        token-uri="https://www.arcgis.com/sharing/rest/oauth2/token?f=json"
        user-info-uri="https://www.arcgis.com/sharing/rest/community/users"
        user-info-user-name-attribute="username"                     
 />

Restart Tomcat