Python SAML login

7477
8
Jump to solution
11-02-2020 02:41 PM
Rey_A_Santiago
New Contributor II

Our organization uses SAML for access into the organization’s AGOL site. We’ve tried using the recommended Python methods of logging in but none have worked. Can someone please point me to info on how to log into AGOL using SAML in a Python script?

0 Kudos
1 Solution

Accepted Solutions
simoxu
by MVP Regular Contributor
MVP Regular Contributor

As Stated in the help document Calvin mentioned:

"Non-Interactive Login Experience

The recommended suggestion for non-interactive login scripts is to use the built-in identity provider instead of SAML."

Our portal is using SAML for internal staff, but we can create built-in users when needed. With the built-in named user you can login by username and password.

Hope this information useful

View solution in original post

8 Replies
by Anonymous User
Not applicable

Hi Rey,

Is this the documentation you are looking at? Working with different authentication schemes | ArcGIS for Developers 

This has worked well for me in the past. Once you have obtained the App Id after registering a new application with ArcGIS Online, you can copy the ID and paste it in your Python script where you are making the GIS object.

import arcgis

from arcgis.gis import gis

gis=GIS("https://arcgis.com", client_id="myAppID")

After running this, a new window should open in your web browser prompting you to log in. Sign in using your enterprise logins, and then copy the OAuth2 approval code. Go back to your Python script, and paste the code in the prompt to finish initializing the GIS object.

You should only need one application code/client_id parameter for all users in your AD that want to sign into ArcGIS Online.

Does this work for you?

Calvin

Rey_A_Santiago
New Contributor II

Thanks Calvin! I will try this as soon as I can get back on the project. I will let you know the result.

0 Kudos
Rey_A_Santiago
New Contributor II

Calvin, thanks for your suggestion. However, we require a non-interactive login.

0 Kudos
Daniel-Miller
New Contributor II

Any update on this? We are looking to switch to SAML authentication for our ArcGIS Enterprise setup, and wondering how we will be able to perform scripted background tasks. We currently have a number of scripted tasks that run as service accounts, for example adding portal items harvested from another location, or adding features to a hosted feature service from a data feed. Currently these scripts retrieve a token from the REST endpoint with a username and password. Will that still work when we switch across to SAML?

0 Kudos
simoxu
by MVP Regular Contributor
MVP Regular Contributor

As Stated in the help document Calvin mentioned:

"Non-Interactive Login Experience

The recommended suggestion for non-interactive login scripts is to use the built-in identity provider instead of SAML."

Our portal is using SAML for internal staff, but we can create built-in users when needed. With the built-in named user you can login by username and password.

Hope this information useful

Daniel-Miller
New Contributor II

Thanks simoxu.

GrahamWood-HWC
New Contributor III

Based on Calvis suggestion to use a registered app with the portal I've solved the method to allow a non interactive SAML login.
1st as an admin register an app in the portal.

open the app and obtain the app ID and app Secret

import arcgis
from arcgis.gis import gis
gis=GIS("https://arcgis.com.OrPotalURL", client_id="myAppID", client_secret="myAppSecret")

 

0 Kudos
Daniel-Miller
New Contributor II

Thanks Graham. We experimented with something similar using app ID and app Secret although I don't think it was python. From memory the issue we had was that the permissions weren't fine-grained enough for what we were trying to do when using this method. Hope this works for what you need it to do.

0 Kudos