I've got a Portal which has some secure content behind it. I'm currently able to access it via Azure Active Directory SSOs and an OAuth2 app, all through ESRI JS, which is great, works perfectly etc.
However, we're building an environment in Dynamics 365. That doesn't seem to want to work with the OAuth2 app. Our developers tell me that the "code" and "state" parameters being returned with the redirect URI are invalid.
So, a few questions if I may.
First off, has anyone come across anything like this before, and is there a way (in anything, really) to fix it?
Secondly, alternatives. Now, from the first reply on this topic (https://community.esri.com/t5/arcgis-enterprise-questions/unable-to-generate-tokens-using-saml-enter...) which reads:
"When using an external identity provider via either SAML or OpenID Connect, Portal for ArcGIS (as the service provider) has no connection to the user's credentials. The authentication process is handled by the return of the properties within the SAML assertion/response and mapped to appropriate values within the Portal user's profile. With that being the case, token generation at the Sharing/REST endpoint is not possible for those users and would need to be generated via the OAuth2 mechanism."
It seems we can't simply grab the username/password and feed it in to get a token, as they're all Azure AD users. Indeed, I've tried logging in through the login screen using my Azure AD username/password, and this doesn't work.
Integrated Windows Authentication wouldn't work as we anticipate contractors using this too from outside our organisation.
At the moment the only access I can see is having read-only credentials hard-coded in, which we really don't want to do.
Does anyone have any ideas that would help? Thanks!
EDIT - also, any way to remove these code and state parameters from the returned response (if they're not necessary)?
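
The authorization-code round trip that produces the "code" and "state" parameters mentioned above, as an added example that is not part of the original post: "state" is checked against the value stored in the user's session before "code" is exchanged for a token, so both are needed on the redirect. The Portal host, client ID and redirect URI are constructed placeholders, and the function names are hypothetical; the paths are Portal's `/sharing/rest/oauth2/authorize` and `/sharing/rest/oauth2/token` endpoints.

```javascript
// Added example with constructed values; none of these come from the post.
const PORTAL = "https://portal.example.com/portal";            // hypothetical Portal URL
const CLIENT_ID = "EXAMPLE_CLIENT_ID";                         // placeholder app ID
const REDIRECT_URI = "https://crm.example.com/oauth/callback"; // hypothetical redirect

// Step 1: build the authorization request. `state` must be an unguessable,
// per-session value from a CSPRNG, kept server-side until the callback arrives.
function buildAuthorizeUrl(state) {
  const u = new URL(PORTAL + "/sharing/rest/oauth2/authorize");
  u.search = new URLSearchParams({
    client_id: CLIENT_ID, response_type: "code",
    redirect_uri: REDIRECT_URI, state,
  }).toString();
  return u.toString();
}

// Length-checked comparison that does not exit early on the first difference.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Step 2: validate the redirect, then prepare the POST that swaps `code` for a token.
function handleCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.has("error")) return { ok: false, reason: "idp_error:" + q.get("error") };
  // Exactly one of each: duplicated parameters are rejected rather than guessed at.
  if (q.getAll("code").length !== 1 || q.getAll("state").length !== 1)
    return { ok: false, reason: "missing_or_duplicate_param" };
  // A mismatch means the response does not belong to this session (login CSRF).
  if (!safeEqual(q.get("state"), expectedState))
    return { ok: false, reason: "state_mismatch" };
  const body = new URLSearchParams({
    client_id: CLIENT_ID, grant_type: "authorization_code",
    code: q.get("code"),
    redirect_uri: REDIRECT_URI, // must match the value sent in step 1
  });
  return { ok: true, tokenUrl: PORTAL + "/sharing/rest/oauth2/token", body: body.toString() };
}
```

The `body` string is sent as `application/x-www-form-urlencoded` in a POST to `tokenUrl`; a code is single-use, so a repeated exchange of the same code is expected to be rejected.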