Is SAML 2.0 now supported in ArcGIS Server?

Thank you! Is there any way to do this without the use of portal?

My Best Regards,

Tina R. Smith

Principal Geospatial Intelligence SpecialistOffice of the Chief Technology OfficerVOIP 773-477-0937tinaraquel@hotmail.com

Hi Tina,

> Is there any way to do this without the use of portal?

No. You will need to federate your ArcGIS Server site with Portal for ArcGIS if you want to leverage SAML authentication for it.

Hope this helps,

Hello Derek,

Do you know if SAML integration is in ArcGIS Server's road map and Portal for ArcGIS is mendatory only temporarily or do you consider this solution as sustainable ?

Thanks,

Nicolas

Hi Nicolas,

At this time, there are no plans to enable ArcGIS Server (e.g., the GIS Server) to support SAML authentication without also using Portal for ArcGIS.

Hope this helps,

Hi Derek, 

Thanks for the answer. It is funny though because I can access secured services of our ArcGIS server (configured with web-tiers authentification and windows domain store) from ArcGIS Online configured with SAML authentification without any trouble. Just the print service does not work. Do you know how services are called in AGOL cause I try to do the same with js API from a website that requiere to be authenticated with SAML but it does not work. Cheers

Hi Nicolas,

> It is funny though because I can access secured services of our ArcGIS server (configured with web-tiers authentification and windows domain store) from ArcGIS Online configured with SAML authentification without any trouble.

In the scenario you describe, ArcGIS Server and your ArcGIS Online organization are using 2 different authentication mechanisms, even though they are both using the same credentials (e.g., Windows Active Directory). This is not a deployment of ArcGIS Server with SAML authentication.

> Just the print service does not work.

Are you referring to the "built-in" print service with your ArcGIS Online organization? or a separate, custom print service from your ArcGIS Server site? I believe since your ArcGIS Server web services are secured with web-tier authentication, only the latter option is supported. FYI, help topic:

Configure utility services—ArcGIS Online Help | ArcGIS

Under the Printing section, please note this statement,

"To print layers secured with web-tier authentication, you must use a custom print service configured to handle web-tier authentication."

Hope this helps,

Hi Derek,

Just to be sure, using Portal for SAML purpose means that you need as many 'named users' as there are people accessing secured services though people won't be using Portal for ArcGIS anyway ? 

Cheers,

Nicolas

Hi Nicolas,

In the context of this discussion, yes. Users that need to access secured web services - which were originally accessed directly from the GIS Server, but now the GIS Server is federated with Portal for ArcGIS, and leverages Portal's SAML authentication model; these users will have to be named users.

Hope this helps,