Connecting ArcGIS Enterprise portal

Using the OAuth 2.0 protocol, the Identity Service can delegate the authentication of users to ArcGIS Enterprise portal. This means that a user can log in with an ArcGIS Enterprise portal account.

Connecting to ArcGIS Enterprise portal is done in several steps:
First you register the Identity Service as an application in ArcGIS Enterprise portal. Then you adjust the configuration of the Identity Service so that the login can be delegated to ArcGIS Enterprise portal. Finally you check the configuration by using the Identity Service to log in to ArcGIS Enterprise portal.

Step 1: Register Identity Service in ArcGIS Enterprise portal

The Identity Service must be registered as an application in ArcGIS Enterprise portal to use single sign-on. To do this, perform the following steps:

  1. Log in to ArcGIS Enterprise portal.

  2. Switch to the Content tab.

  3. Click New item and in the subsequent dialog click Application.

  4. A dialog for creating the new element is displayed. Use the following settings there:

    • Type: Web Mapping.

    • URL: URL of the Identity Service installation, for example https://www.example.com/identity

  5. Click Next.

  6. Now set the other properties of the element as follows:

    • Title: Identity Service

    • Folder: Select the folder where you want to save the item.

    • Categories (if available - optional): You can set one or more categories for the element.

    • Tags: identity

    • Summary (optional): You can create a summary for the element, for example: Registration of Identity Service at ArcGIS Enterprise portal

  7. Click Save. The overview of the newly created element is displayed.

  8. Set additional registration properties by proceeding as follows:

    • In the app overview click Settings and go to section Web Mapping Application.

    • Click Register.

    • Specify the URL of your Identity Service installation as the Redirect URI, for example https://www.example.com/identity.

    • Click Add to add the URI to the list of valid redirect URIs.

    • Click Register to close the dialog.

  9. After you have successfully registered the application, its registration data will be displayed, which you will need for the subsequent configuration:

    • Store the displayed App ID somewhere.

    • Click Show secret and store the displayed App Secret.


The registration is now complete and you can proceed with the configuration of the Identity Service.

URLs should start with https:// to ensure that secret tokens are always sent over a secure channel.

Step 2: Configure Identity Service

The following parameters must be added or changed in the global Configuration.

Configuration example

# .identity-service/application.properties
security.oauth.provider=arcgis
security.oauth.provider.arcgis.url=https://www.example.com/portal
security.oauth.clientId=6nyEFYqYSYtu60Ws
security.oauth.clientSecret=fb3e3425976e4980a1793cbe6231f4b6

security.oauth.provider

The value arcgis defines ArcGIS Enterprise portal as identity provider.

security.oauth.provider.arcgis.url

URL of your ArcGIS Enterprise portal.

security.oauth.clientId

App ID that has been created during the registration as an application in ArcGIS Enterprise portal.

security.oauth.clientSecret

App Secret that has been created during the registration as an application in ArcGIS Enterprise portal.

Step 3: Test configuration

You can test the configuration of ArcGIS Enterprise portal as identity provider by performing a login initiated by the Identity Service. Follow these steps:

  1. Make sure you have a portal user account.

  2. If you are logged in to portal, log out.

  3. Open the Identity Service base URL, for example http://www.example.com/identity or http://www.example.com:8080/identity. Make sure to use exactly the same URL that you specified as the Redirect URI when registering the Identity Service in ArcGIS Enterprise portal in step 1 of this document.

    The browser displays a page with a list of available service endpoints.

  4. Click the link titled Login. The browser will redirect you to the portal login page.

  5. Enter the username and password of your portal account to log in.

After successful login you are redirected to the Identity Service "Self" endpoint (/identity/account/self). If your portal account data is displayed as JSON, you successfully connected ArcGIS Enterprise portal with the Identity Service.
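
A pre-flight check for the settings from steps 1 to 3, as an added example that is not part of the product or its documentation: it parses application.properties and reports missing parameters, URLs that are not https, documentation sample credentials left in place, and any difference between the Identity Service URL and the registered Redirect URI. The function names and the DOC_SAMPLES set are assumptions made for this example, and only key=value lines are parsed.

```python
from urllib.parse import urlsplit

REQUIRED = ("security.oauth.provider", "security.oauth.provider.arcgis.url",
            "security.oauth.clientId", "security.oauth.clientSecret")
# Values printed in this page's configuration example; assumed unfit for real use.
DOC_SAMPLES = {"6nyEFYqYSYtu60Ws", "fb3e3425976e4980a1793cbe6231f4b6"}

def parse_properties(text):
    """Parse key=value lines (the only form used on this page); skip the rest."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def url_parts(url):
    p = urlsplit(url)
    return {"scheme": p.scheme, "host": p.hostname, "port": p.port, "path": p.path}

def check(properties_text, base_url, redirect_uri):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(properties_text)
    findings = [f"missing: {k}" for k in REQUIRED if not props.get(k)]
    if props.get("security.oauth.provider", "arcgis") != "arcgis":
        findings.append("security.oauth.provider is not 'arcgis'")
    urls = {"portal URL": props.get("security.oauth.provider.arcgis.url", ""),
            "Identity Service URL": base_url, "Redirect URI": redirect_uri}
    for name, url in urls.items():
        if url and urlsplit(url).scheme != "https":
            findings.append(f"{name} is not https: {url}")
    findings += [f"{k} still holds the documentation sample value"
                 for k in REQUIRED if props.get(k) in DOC_SAMPLES]
    base, redirect = url_parts(base_url), url_parts(redirect_uri)
    findings += [f"Redirect URI differs from Identity Service URL in {part}"
                 for part in base if base[part] != redirect[part]]
    return findings

# Constructed input: the page's example file, checked against the step 3 URL on port 8080.
SAMPLE = """# .identity-service/application.properties
security.oauth.provider=arcgis
security.oauth.provider.arcgis.url=https://www.example.com/portal
security.oauth.clientId=6nyEFYqYSYtu60Ws
security.oauth.clientSecret=fb3e3425976e4980a1793cbe6231f4b6
"""
if __name__ == "__main__":
    print("\n".join(check(SAMPLE, "http://www.example.com:8080/identity",
                          "https://www.example.com/identity")))
```

Run it with the URL you open in the browser and the Redirect URI you registered; an empty result means the two agree and every URL uses https.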

Next steps

After you have connected ArcGIS Enterprise portal with the Identity Service, you need to configure portal-federated ArcGIS Servers as trusted services in the Identity Service. This allows users of applications that use the Identity Service to access ArcGIS Server services without further login.