Task Purpose: To implement single sign-on using Azure AD and the ArcGIS Online Enterprise Application.
Steps Performed:
I have performed all the steps mentioned in this tutorial. Please find the screenshots here:
1. Editing Basic SAML Configuration
2. Edit Claims and Attributes:
3. Configure certificate sign-in algorithm.
4. Extension Installed and Click on "Set up ArcGIS Online".
5. ArcGIS Online General Setting:
6. ArcGIS Online Security Setting:
7. Edit "Enterprise Login":
8. Invite New Member
9. Azure SSO Test - Success
10. Claims sent in SAML request:
11. ArcGIS Online Error:
12. SAML Request:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_EzqaAesNvZqERYTY" Version="2.0" IssueInstant="2020-05-06T05:36:02Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://dvcancerstrategy.maps.arcgis.com/sharing/rest/oauth2/saml/signin">
  <saml:Issuer>dvcancerstrategy.maps.arcgis.com</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/>
</samlp:AuthnRequest>
13. SAML Response:
<samlp:Response ID="_1f5e1efa-4fca-4384-a0cf-b9a33c1a366b" Version="2.0" IssueInstant="2020-05-06T07:44:44.986Z" Destination="https://dvcancerstrategy.maps.arcgis.com/sharing/rest/oauth2/saml/signin" InResponseTo="_jiniqLOKlKboPySi" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/051b2d5f-4a64-46cb-a28e-634957bbd2bb/</Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <Assertion ID="_0ccbd615-bbe2-4228-828c-0fb3acb85000" IssueInstant="2020-05-06T07:44:44.986Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <Issuer>https://sts.windows.net/051b2d5f-4a64-46cb-a28e-634957bbd2bb/</Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <Reference URI="#_0ccbd615-bbe2-4228-828c-0fb3acb85000">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <DigestValue>VintIljH66VcswaLrr+Skl5aGBfJVg2HC/DoK5vE4I4=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>BCLY88ych1aIJjbhL7+ZqdvFqmdSEvbvUZYFG+/vMCm+mNSXZHIITFbhhvdvfUjGobNGS0GmJnAVii4oMcbP0ib+RWvpC7f1ZmoUlbar5g8StL7ghotZ6gfowq45/3Wy2mVXMV5EGJSneM8uDfXkMuNc8TqnbF4gSAEkSE20nFAjPGe6fKJuxfjPXYAxsljGxr4rKhyZftCedRxPuefSziRUQAdTD1datfdNcDH+1Zi2Aq6JbMbcI23KTXgGH7G25VqSA5OirIMT+N+zS2yLuV631Gba5JcqFYzYSwB8fL95v2vNbNeSwIx1YL+ackPVSMyjeO7VuNJnPwcUp0HFlQ==</SignatureValue>
      <KeyInfo>
        <X509Data>
          <X509Certificate></X509Certificate>
        </X509Data>
      </KeyInfo>
    </Signature>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">ygupta03_yahoo.com#EXT#@ygupta03yahoo.onmicrosoft.com</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData InResponseTo="_jiniqLOKlKboPySi" NotOnOrAfter="2020-05-06T08:44:44.580Z" Recipient="https://dvcancerstrategy.maps.arcgis.com/sharing/rest/oauth2/saml/signin"/>
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2020-05-06T07:39:44.580Z" NotOnOrAfter="2020-05-06T08:44:44.580Z">
      <AudienceRestriction>
        <Audience>dvcancerstrategy.maps.arcgis.com</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid">
        <AttributeValue>051b2d5f-4a64-46cb-a28e-634957bbd2bb</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
        <AttributeValue>d6cba76b-1ef3-4931-a3a7-33b0bb8dfed9</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
        <AttributeValue>Yatin Gupta</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
        <AttributeValue>585a6205-f2e7-42bd-b7f0-31c174ede252</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider">
        <AttributeValue>live.com</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
        <AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
        <AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/unspecified</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <AttributeValue>Yatin</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <AttributeValue>Gupta</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <AttributeValue>ygupta03@yahoo.com</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <AttributeValue>ygupta03_yahoo.com#EXT#@ygupta03yahoo.onmicrosoft.com</AttributeValue>
      </Attribute>
    </AttributeStatement>
    <AuthnStatement AuthnInstant="2020-05-06T07:14:22.901Z" SessionIndex="_0ccbd615-bbe2-4228-828c-0fb3acb85000">
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>
Kindly help me resolve this issue as soon as possible.
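
Added example, not part of the original post and not Esri or Microsoft code: a small Python helper for comparing a captured AuthnRequest with the Response returned for it, field by field (InResponseTo, Destination, Recipient, Audience, NameID format), the way a service provider correlates the two messages. The sample messages, the host sp.example and the IDs are constructed for illustration; paste a request and response from the same sign-in attempt in their place.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def compare(request_xml, response_xml):
    """Map each check to (expected, actual, ok); inspects a capture, validates no signature."""
    req, resp = ET.fromstring(request_xml), ET.fromstring(response_xml)
    asr = resp.find("saml:Assertion", NS)
    nid = asr.find("saml:Subject/saml:NameID", NS)
    scd = asr.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    aud = asr.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    acs = req.get("AssertionConsumerServiceURL")
    pairs = {
        "Response/@InResponseTo": (req.get("ID"), resp.get("InResponseTo")),
        "SubjectConfirmationData/@InResponseTo": (req.get("ID"), scd.get("InResponseTo")),
        "Response/@Destination": (acs, resp.get("Destination")),
        "SubjectConfirmationData/@Recipient": (acs, scd.get("Recipient")),
        "Audience": (req.findtext("saml:Issuer", namespaces=NS), aud),
    }
    report = {k: (exp, act, exp == act) for k, (exp, act) in pairs.items()}
    # A NameIDPolicy of "unspecified" leaves the NameID format to the IdP.
    wanted, got = req.find("samlp:NameIDPolicy", NS).get("Format"), nid.get("Format")
    report["NameID/@Format"] = (wanted, got, wanted in (UNSPECIFIED, got))
    return report

def failed(report):
    """Names of the checks whose values did not match."""
    return sorted(k for k, (_, _, ok) in report.items() if not ok)

# Constructed sample messages: hypothetical host sp.example, made-up IDs.
SAMPLE_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" '
    'AssertionConsumerServiceURL="https://sp.example/saml/signin">'
    '<saml:Issuer>sp.example</saml:Issuer>'
    f'<samlp:NameIDPolicy Format="{UNSPECIFIED}"/></samlp:AuthnRequest>')
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'InResponseTo="_req0" Destination="https://sp.example/saml/signin">'
    '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Subject>'
    '<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
    'user@sp.example</NameID><SubjectConfirmation>'
    '<SubjectConfirmationData InResponseTo="_req0" '
    'Recipient="https://sp.example/saml/signin"/></SubjectConfirmation></Subject>'
    '<Conditions><AudienceRestriction><Audience>sp.example</Audience>'
    '</AudienceRestriction></Conditions></Assertion></samlp:Response>')
if __name__ == "__main__":
    print(failed(compare(SAMPLE_REQUEST, SAMPLE_RESPONSE)))
```

A non-empty result only means the two captures do not belong together or the IdP configuration differs from what the request asked for; the NotBefore/NotOnOrAfter window and the signature still have to be checked separately.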