Skip to main content
  • EN

Hi FME'ers,

I am having trouble authenticating any OAuth 2.0 web connections with FME Desktop 2018.1 (Build 18528). I am trying to access ArcGIS Online but this problem occurs with any OAuth 2 service. I understand that the issue is with my organisations proxy/firewall but I am trying to diagnose precisely where the failure is occurring. FYI, We use a pac file proxy.

In Options > Network Proxy, I have 'Use system proxy settings' checked. I know I can get access to the internet with this setting because I have access to FME Hub and can use HTTPCaller.

In Web Connection > Manage Services, I select the new connection I created for AGOL and click Test. The credentials screen appears so I enter my credentials and click Sign In. I then get a Network Error dialog box saying "Failed to obtain refresh token: Error retrieving access token. Check Log Window for more details." In the log file I get the message: "407 Proxy Authentication Required" followed my a web page from organisations proxy (in plain HTML) saying that "Authentication Failed, the website you have requested is blocked."

My network team white-listed www.arcgis.com both on the proxy and firewall but that made no difference. They gave my IP free access to the internet and it worked (I set Network Proxy to No proxy) but they are loathe to allow me persistent free access so I need a fix.

What I would like to know is:

  1. How does FME use OAuth 2.0?
  2. Where in the chain does it break?
  3. What does my network team need to fix this?

Many thanks,

David

 

 

I think it could be related to the authentication 'type' of the proxy. I think there is some limitation with some formats currently with NTLM authentication and certain formats. Are you able to use Background maps at all? If you can use the HTTPCaller but not the background maps then I think this might be part of the issue.

@djmcdermott

I agree with Matt, Can you confirm what Authentication Type your server is configured to use If there is an authentication associated with Proxy Server (fill that information in FME Options) and try again.

Can you confirm, when using HTTPCaller, in the log file the URL is going through the proxy server?

you can confirm this by adding Logger after HTTPCaller and checking the log file. If your Authentication type is set to NTLM(it most likely will not work).

Hi @virtualcitymatt and @rahulsharma,

Thank you both for responding. The proxy authentication type is Active Directory SSO which i believe is NTLM. I can use the HTTPCaller and background maps such as WMS and Stamen but I cannot use AGOL. When I try to connect I get this error:

'HTTPSConnectionPool(host='www.arcgis.com', port=443): Max retries exceeded with url: /sharing/generateToken?f=json (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 407 Proxy Authorization Required',))

Rahul, I did as you suggested and connected a HTTPCaller to a Logger. Here is the log file fme-httpcallerlogger.txt. I have had to doctor parts of it for security reasons. What's interesting is FME needs to make three attempts to connect through my organisations proxy. I will have to take this new finding to the network team. This behaviour also appears to block any HTTPS connection.

Hi @virtualcitymatt and @rahulsharma,

Thank you both for responding. The proxy authentication type is Active Directory SSO which i believe is NTLM. I can use the HTTPCaller and background maps such as WMS and Stamen but I cannot use AGOL. When I try to connect I get this error:

'HTTPSConnectionPool(host='www.arcgis.com', port=443): Max retries exceeded with url: /sharing/generateToken?f=json (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 407 Proxy Authorization Required',))

Rahul, I did as you suggested and connected a HTTPCaller to a Logger. Here is the log file fme-httpcallerlogger.txt. I have had to doctor parts of it for security reasons. What's interesting is FME needs to make three attempts to connect through my organisations proxy. I will have to take this new finding to the network team. This behaviour also appears to block any HTTPS connection.

Did you ever get this working? I'm getting the same error trying to access SharePoint Online and AGOL through an NTLM proxy.  I'm using FME 2020 Beta (20175).

Did you ever get this working? I'm getting the same error trying to access SharePoint Online and AGOL through an NTLM proxy. I'm using FME 2020 Beta (20175).

Hi @mixedbredie, thanks for your question. I see this original post is from quite some time ago. Would you be open to posting this as a new question for better visibility? You're always welcome to link back to this post for the context. Thanks!

Reply


Community Stats

30,112
Posts
114,303
Replies
37,745
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.