Running a Federated 1081 Enterprise deployment with Azure AD as our identity store.
I am unable to generate a token using our enterprise login credentials. Tested from https://webadaptor.domain.com/arcgis/sharing/rest/generateToken
But I get this error:
It does work if I use a built in account that isnt tied to our IDP. Any ideas why this happening?
When using an external identity provider via either SAML or OpenID Connect, Portal for ArcGIS (as the service provider) has no connection to the user's credentials. The authentication process is handled by the return of the properties within the SAML assertion/response and mapped to appropriate values within the Portal user's profile. With that being the case, token generation at the Sharing/REST endpoint is not possible for those users and would need to be generated via the OAuth2 mechanism. I've attached a common workflow for the Python API that explains the process in a bit more detail.
Hope that helps!
User authentication with OAuth 2.0 | Working with different authentication schemes | ArcGIS API for Python
Unfortunately no. Here is my original problem that prompted this question. We were trying to generate a token to authenticate into a Web AppBuilder app. This did not work without using OAuth instead of generate token. Maybe this might help:
Other than making the app, map, and services public no. Depending on what you're doing, I've seen folks use a proxy file on a websever to bypass the login.
I was able to implement the OAuth connection using the client_id. Is there a way to do this in an automated standalone python file (possibly through REST calls) which is seemless and does not require me to enter the OAuth2 approval code?
I want to be able to connect to multiple Portals via a script tool within a Toolbox.