Can single sign on be achieved using OpenID Connect with a SAML add-in for ArcGIS Enterprise/Portal?

10-04-2019 07:15 AM
SusanZwillinger
Occasional Contributor

We have implemented single sign on for a client web application using Rock Solid Knowledge Limited's SAML2P Component for IdentityServer4, an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. The SSO allows users to log in once to the server and access several applications. Once logged in, the users see a web page of their accessible applications with a button/link to go to the map portal (ArcGIS Enterprise/Portal). What we would like to happen is for the button/link to take them DIRECTLY to the Gallery in ArcGIS Enterprise. Instead, the only option seems to be to display the Sign In page with the option to sign in via the SSO (the first button shown below) or via ArcGIS directly (the second option).

Does anyone have any ideas or a solution for achieving true single sign on with ArcGIS Enterprise?

Thanks,

Susan

0 Kudos
3 Replies
NicolasGIS
Regular Contributor

Hello Susan Zwillinger,

Looking for information about support of OpenID Connect by Portal for ArcGIS, I stumbled upon this thread.

I created a very similar one in case you are interested:

https://community.esri.com/thread/248301-single-sign-on-experience-with-saml-on-arcgis-enterprise 

As you can see, it did not get much attention from ESRI, just like yours, unfortunately.

If you made any progress regarding this issue, would you mind sharing it there?

Thanks

0 Kudos
ThomasEdghill
Esri Community Moderator

Hi @SusanZwillinger and @NicolasGIS, I noticed this older thread and wanted to close the loop with an update that ArcGIS Enterprise 10.9 now supports OpenID Connect as an authentication protocol, which should also include IDPs that support it. Some documentation on this can be found here: Configure OpenID Connect logins.

I hope this update can be helpful in your current use of the software!

0 Kudos
HaraldLund
New Contributor II

Hi @ThomasEdghill,
Will ArcGIS 10.9.1 support grant-type flow as described here?
https://developer.okta.com/docs/guides/implement-grant-type/authcodepkce/main/#overview