Logging in with Identity Provider

152
5
Jump to solution
2 weeks ago
Highlighted
Regular Contributor

I'm having trouble connecting to our portal and I think it's because we get redirected to a separate sign in that's not hosted by ESRI (e.g. I enter our organization's URL, the button changes to reflect our organization name and after clicking that it redirects me to our university's sign in, then it authenticates me and redirects me to our portal home page). So it's a third-party identity provider being used... my university username (xxx) that I have to use in the login I am redirected to differs from my portal username (xxx_orgName), though I have tried both and neither work. How do you connect to your web GIS when you have a third-party identity provider?

#Using IDP username
gis = GIS("https://domain.com/web_adapter", "xxx", "myPassword")

#Using username that appears when I am logged into the portal
gis = GIS("https://domain.com/web_adapter", "xxx_myOrg", "myPassword")

 

Reply
0 Kudos
1 Solution

Accepted Solutions
Highlighted
Regular Contributor

After working with ESRI support, if you are using a third-party IDP to log into Enterprise, you cannot access your layers through the Python API by logging in normally. You must either have built-in credentials to log in non-interactively, or, you must use a client ID workflow which requires interaction after your script starts to run. ESRI will not be working on fixing this issue because they have no way of knowing how users are prompted to log in with their IDP or how it is configured. 

View solution in original post

Reply
0 Kudos
5 Replies
Highlighted
Esri Contributor

Hi Molly, 

Do you have enterprise logins configured with your Portal organization? 

If so, please take  a look at the following link for working with different authentication schemes in the ArcGIS API for Python.

https://developers.arcgis.com/python/guide/working-with-different-authentication-schemes/#User-authe...

Let me know if this helps.

-Calvin

 

Highlighted
Regular Contributor

Thanks, but unfortunately this won't work for me. I can successfully use a client ID  and OAuth 2 to authenticate, but I need this script to be non-interactive. Eventually I would like to publish it as a geoprocessing service so someone can click a button on a JS API built web map which will launch the script on the server and pull some data down from our web GIS to work with in ArcPy. I'm not even sure that's something that will work, but I can try it if I could just log into our portal passively.

Reply
0 Kudos
Highlighted
Esri Contributor

Hi Molly,

When logging in to your Portal organization, to you have the option to sign in either as an ArcGIS built-in user or as an Enterprise user? Do they both involve a redirect during authentication?

As for your main point, I don't believe that geoprocessing services containing ArcGIS API for Python can be successfully executed. However, the reverse is possible, where the Python API can reference published geoprocessing services and execute them from within the script.

Thanks,

Calvin

Reply
0 Kudos
Highlighted
Regular Contributor

I have the option to sign in with "ArcGIS login" instead of entering a URL for the enterprise login, however it does not work with my credentials. I do not think I am a built-in user but rather the users are created passively upon first logging into the enterprise login. Perhaps we use the enterprise identity store? I'm not the GIS Administrator here and I don't have access to look at how everything is setup unfortunately. I do know the admin can create built-in users though that can use the regular ArcGIS Login, perhaps that is the route to take, though it sounds like this idea won't work out anyway.

Is there really no way to work with web GIS layers passively? I'm trying to retrieve markup layers that will be shared from the new Field Maps app by our field workers. It's a conglomeration of 25 states and I do not want them to mess around in the group they share their markup to because they have little knowledge of GIS and I fear they will mess with our maps unintentionally. I would rather simplify the process by just having them click on a button from a JS API developed map, do some processing with their markup layers and a couple feature classes, and then have all the layers they need "magically" downloadable or emailed to them. I already do this passively with data that sits on our server, I'm just trying to figure out a way to do it with the stuff that gets shared to AGOL too. 

Reply
0 Kudos
Highlighted
Regular Contributor

After working with ESRI support, if you are using a third-party IDP to log into Enterprise, you cannot access your layers through the Python API by logging in normally. You must either have built-in credentials to log in non-interactively, or, you must use a client ID workflow which requires interaction after your script starts to run. ESRI will not be working on fixing this issue because they have no way of knowing how users are prompted to log in with their IDP or how it is configured. 

View solution in original post

Reply
0 Kudos