This is an AGOL issue that occurs during single sign on for academic institutions when trying to login to ArcGIS Online services for their organisational site. It is a necessary requirement of Esri Inc to provide a more meaningful response when access is denied after single sign on (using ADFS) for academic institutions.
Currently our users (staff/students) would see the message ‘Unable to login using Idp Error parsing ‘NAME_ID’ from SAML response’.
This message is meaningless for both staff and students who may try to login to ArcGIS Online organisational site and would provide a poor user experience as they would not know what to do next. Unfortunately our institution is not able to edit this page otherwise we would do this.
We suggest as a minimum that the following message could be provided in place of the current text ‘You are not authorised to access this ArcGIS Online service, please contact your local Esri Administrator to request access’
This would at least give academic staff and students an idea of what to do next to get this issue resolved.
Dr. Gail Millin-Chalabi
It's worth noting that this error message could also point to a misconfiguration in the SAML IdP.
That error essentially means the IdP successfully authenticated the user, but is not authorized or configured to release the user attributes to the service provider for that particular user, but still returns a successful SAML response.
It may be possible for ADFS to provide a message to the users after they authenticate informing them they are not authorized to use the ArcGIS Online service provider.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.