Is SAML 2.0 token-based authentication supported in ArcGIS Server?
At the 10.3 release, ArcGIS for Server Standard and Advanced includes Portal for ArcGIS. Portal for ArcGIS supports SAML 2.0 authentication. Learn more in this help topic:
Configuring a SAML-compliant identity provider with your portal—Portal for ArcGIS | ArcGIS for Server
You can federate your Server site with Portal, enabling your Server site to leverage SAML.
Federating an ArcGIS Server site with your portal—Documentation | ArcGIS for Server
Hope this helps,
Thank you! Is there any way to do this without the use of portal?
My Best Regards,
Tina R. Smith
Principal Geospatial Intelligence Specialist
Office of the Chief Technology Officer
VOIP firstname.lastname@example.org
> Is there any way to do this without the use of portal?
No. You will need to federate your ArcGIS Server site with Portal for ArcGIS if you want to leverage SAML authentication for it.
Do you know if SAML integration is on ArcGIS Server's road map and Portal for ArcGIS is mandatory only temporarily, or do you consider this solution sustainable?
At this time, there are no plans to enable ArcGIS Server (e.g., the GIS Server) to support SAML authentication without also using Portal for ArcGIS.
Thanks for the answer. It is funny though, because I can access secured services of our ArcGIS Server (configured with web-tier authentication and Windows domain store) from ArcGIS Online configured with SAML authentication without any trouble. Just the print service does not work. Do you know how services are called in AGOL? I am trying to do the same with the JS API from a website that requires users to be authenticated with SAML, but it does not work. Cheers
> It is funny though, because I can access secured services of our ArcGIS Server (configured with web-tier authentication and Windows domain store) from ArcGIS Online configured with SAML authentication without any trouble.
In the scenario you describe, ArcGIS Server and your ArcGIS Online organization are using 2 different authentication mechanisms, even though they are both using the same credentials (e.g., Windows Active Directory). This is not a deployment of ArcGIS Server with SAML authentication.
> Just the print service does not work.
Are you referring to the "built-in" print service with your ArcGIS Online organization, or a separate, custom print service from your ArcGIS Server site? I believe since your ArcGIS Server web services are secured with web-tier authentication, only the latter option is supported. FYI, help topic:
Configure utility services—ArcGIS Online Help | ArcGIS
Under the Printing section, please note this statement,
"To print layers secured with web-tier authentication, you must use a custom print service configured to handle web-tier authentication."
Just to be sure, using Portal for SAML purposes means that you need as many 'named users' as there are people accessing secured services, even though people won't be using Portal for ArcGIS anyway?
In the context of this discussion, yes. Users that need to access secured web services - which were originally accessed directly from the GIS Server, but now the GIS Server is federated with Portal for ArcGIS, and leverages Portal's SAML authentication model; these users will have to be named users.
All right Derek, thanks for your quick answer.
We have configured our portal for SAML 2.0 authentication having IDP as SCI (SAP Cloud Identity). We are able to log in directly to the portal using the Enterprise credentials (SP Initiated Login); however, when we try to access the content of the Portal (let's say Mapimagelayer) from the application after being authenticated by the IDP, we are challenged for the identity.
Is there something more that we have to configure, or do we have to add some code in the application to leverage the SAML SSO?
> We have configured our portal for SAML 2.0 authentication having IDP as SCI (SAP Cloud Identity)
Please contact Esri Tech Support and open an incident so they can take a look at your deployment and SAP Cloud configuration settings. They are best equipped to investigate your issue.