Are there any best practices how to implement NTLM authentication with a GP Service so that, the valid user token using Single Sign On (SSO) with ArcGIS Enterprise is used for requesting another web service consumed by the Python tool being published as GP Service.
We are querying a custom graph database using NTLM authentication with Python (request-ntlm module) and transforming the entities and relations to features having relationships into a geodatabase on the fly. SSO works like a charm with ArcGIS Pro. But, when we publish the GP Tool as a GP Service, the service runs using the service account of the federated ArcGIS Server. The service needs to use the SSO token of the user which requested the GP Service call e.g. from any ArcGIS client. Is there any workflow how to reuse the SSO token using Python or at least to get the user info which requested the GP Service call?
Any help would be fine.