Is SAML 2.0 token-based authentication supported in ArcGIS Server?
At the 10.3 release, ArcGIS for Server Standard and Advanced includes Portal for ArcGIS. Portal for ArcGIS supports SAML 2.0 authentication. Learn more in this help topic:
Configuring a SAML-compliant identity provider with your portal—Portal for ArcGIS | ArcGIS for Server
You can federate your Server site with Portal, enabling your Server site to leverage SAML.
Federating an ArcGIS Server site with your portal—Documentation | ArcGIS for Server
Hope this helps,
Thank you! Is there any way to do this without the use of portal?
My Best Regards,
Tina R. Smith
Principal Geospatial Intelligence SpecialistOffice of the Chief Technology OfficerVOIP email@example.com
> Is there any way to do this without the use of portal?
No. You will need to federate your ArcGIS Server site with Portal for ArcGIS if you want to leverage SAML authentication for it.
Do you know if SAML integration is in ArcGIS Server's road map and Portal for ArcGIS is mendatory only temporarily or do you consider this solution as sustainable ?
At this time, there are no plans to enable ArcGIS Server (e.g., the GIS Server) to support SAML authentication without also using Portal for ArcGIS.
Thanks for the answer. It is funny though because I can access secured services of our ArcGIS server (configured with web-tiers authentification and windows domain store) from ArcGIS Online configured with SAML authentification without any trouble. Just the print service does not work. Do you know how services are called in AGOL cause I try to do the same with js API from a website that requiere to be authenticated with SAML but it does not work. Cheers
> It is funny though because I can access secured services of our ArcGIS server (configured with web-tiers authentification and windows domain store) from ArcGIS Online configured with SAML authentification without any trouble.
In the scenario you describe, ArcGIS Server and your ArcGIS Online organization are using 2 different authentication mechanisms, even though they are both using the same credentials (e.g., Windows Active Directory). This is not a deployment of ArcGIS Server with SAML authentication.
> Just the print service does not work.
Are you referring to the "built-in" print service with your ArcGIS Online organization? or a separate, custom print service from your ArcGIS Server site? I believe since your ArcGIS Server web services are secured with web-tier authentication, only the latter option is supported. FYI, help topic:
Configure utility services—ArcGIS Online Help | ArcGIS
Under the Printing section, please note this statement,
"To print layers secured with web-tier authentication, you must use a custom print service configured to handle web-tier authentication."
Just to be sure, using Portal for SAML purpose means that you need as many 'named users' as there are people accessing secured services though people won't be using Portal for ArcGIS anyway ?
In the context of this discussion, yes. Users that need to access secured web services - which were originally accessed directly from the GIS Server, but now the GIS Server is federated with Portal for ArcGIS, and leverages Portal's SAML authentication model; these users will have to be named users.
All right Derek, thanks for your quick answer.
Retrieving data ...