Running a Federated 1081 Enterprise deployment with Azure AD as our identity store.
I am unable to generate a token using our enterprise login credentials. Tested from https://webadaptor.domain.com/arcgis/sharing/rest/generateToken
But I get this error:
It does work if I use a built in account that isnt tied to our IDP. Any ideas why this happening?
When using an external identity provider via either SAML or OpenID Connect, Portal for ArcGIS (as the service provider) has no connection to the user's credentials. The authentication process is handled by the return of the properties within the SAML assertion/response and mapped to appropriate values within the Portal user's profile. With that being the case, token generation at the Sharing/REST endpoint is not possible for those users and would need to be generated via the OAuth2 mechanism. I've attached a common workflow for the Python API that explains the process in a bit more detail.
Hope that helps!
User authentication with OAuth 2.0 | Working with different authentication schemes | ArcGIS API for Python