Community
Select to view content in your preferred language

How to handle authentication against /portal/sharing/rest in PowerAutomate webhook receiver?

1534
10
Jump to solution
05-27-2024 11:34 AM
PhilippeVDV
by
Regular Contributor
‎05-27-2024 11:34 AM

Hello

I've set up SAML authentication for ArcGIS Enterprise where users can join automatically with a default Viewer user type.

I'm trying now to set up an organization webook. The idea is that when a SAML user is added to a specific Portal group (through SAML based group membership), a webhook is triggered to promote the user type from Viewer to Creator (and role from Viewer to Editor)

In /portal/sharing/rest you can do a http POST request to update the UserType as follows: https://FQDN/portal/sharing/rest/portals/0123456789ABCDEF/updateUserLicenseType

I've configured the webhook in ArcGIS Enterprise succesfully, but I'm struggling now in PowerAutomate with the authentication against /portal/sharing/rest

I tried to authenticate by setting Authentication Type to Basic and providing the portaladmin credentials

PhilippeVDV_0-1716833787383.png

Next, I execute the http POST request as follows:

PhilippeVDV_3-1716834219602.png

But this doesn't seem to work

The webhook receiver is triggered succesfully when a user is added to the group, but it seems that the authentication goes wrong against /portal/sharing/rest, because I receive a 403 error: "You do not have permissions to access this resource or perform this operation"

So basically my question is, how do you authenticate agains /portal/sharing/rest so that you can execute all the available POST requests

I'm not a developer, but I hope that this should be possible in some way? All ideas or sample code are welcome (preferably in Power Automate)

Best regards

Phil

 

 

0 Kudos
10 Replies
PhilippeVDV
by
Regular Contributor
3 weeks ago

@KevinHibma , thanks for your reply. That's really a pitty. Isn't there any other event that could be used to trigger a webhook that increases the user type? Although technically a SAML or AD user doesn't 'join' a group, the number of members in the memberlist of the group changes when a SAML/AD user 'enters' the group. But  a change in the number of group members isn't an event unfortunately. Would that be something that could be implemented in the future? Let me clarify our use case: we fully automated our user management after a SAML integration between ArcGIS Enterpise and a custom IdP. All groups in Portal are based on SAML based group membership and named user accounts are created automatically. The default user type is Viewer but of course, users in certain groups need higher user types (Contributor or Creator). The only way we can automate this is to run a script based on the ArcGIS API for Python that prints all users in a certain group with a certain ID and increases the user type for these users. But then there's always a delay: after someone logs on for the first time he/she should wait before they can start editing until the script has run. Not ideal. A webhook would be nicer. But then we lack an appropriate event trigger for SAML/AD users 'joining' automatically.  

0 Kudos