SignInToPortal with an SSO.

AngelaSchirck · ‎06-27-2023

Hey all,

I am trying to write a script to automate the publishing of web layers and have run into a problem since our organization uses an SSO (Single Sign On). I wrote script to get the SSO token, and login to portal (Below, with all appropriate packages imported).

# Gettoken for the Palm Beach County SSO
def getToken(portal, sso):
    print('Connecting to portal...\n')
    # Get username and password
    username = input(str('Enter your SIM username and press Enter: '))
   # warnings.simplefilter("ignore", category=getpass.GetPassWarning)
    password = getpass.getpass('Enter your SIM password and press Enter: ')

    payload = {
        "username": username,
        "password": password,
        "client": "referer",
        "referer": portal,
        "expiration": "1440",
        "f": "json"
    }

    response = requests.post(sso, data=payload)
    token = response.json().get("access_token")
    return token

#Sign into portal
def portalConnect():   
   portal_url = 'myPortalurl'  #my script has the actual urls for portal and sso here
   sso_url = 'mySSOurl' 
   token = getToken(portal_url, sso_url)
   gis = GIS(portal_url, token=token)
   print('\nConnected to: ', gis.properties.name)

The above code results with:

Connecting to portal...

Connected to: Palm Beach County ArcGIS Enterprise

However, when I actually try to exportTOSDDraft I get

ValueError: Unable to connect to portal.

I tried using the arcpy.SignInToPortal and it says 'unable to generate token' but "token" is not a valid parameter for this function.

Has anyone been successful in publishing a service definition draft to portal when there is an SSO? Or does anyone know how I can do this?

Thanks.

AngelaSchirck · ‎06-28-2023

So, as it turns out the above script does connect to and set active portal. The issue was in the aprx itself which did not also have the active portal set to the one connected to. Setting the active portal in the project resolved the issue.

View solution in original post

TonyContreras_Frisco_TX · ‎06-27-2023

Is there a reason you aren't just supplying the username and password when you instantiate the GIS object? The api should take care of making sure the authentication and authorization is handled correctly.

AngelaSchirck · ‎06-28-2023

It does not. The Username and password are entered in the "get token" function. Reentering them again in the GIS object gives an error.

```

Connecting to portal...

A general error occurred: Could not login. Please ensure you have valid credentials and set your security login question.
<class 'Exception'>
Connection to portal failed!

```

When I signin (regularly) I have to purposely click on our SSO link to sign in. If I just use the "regular" signin portal it gives an error. The script above takes me to the PBC SSO and logs in as evident by the "Connected to: Palm Beach County ArcGIS Enterprise" message. The GIS object uses the token where the username and password are entered and connects correctly. The problem is later in the script where I call the exportTOSDDraft function it "thinks" I'm not connected to portal.

AngelaSchirck · ‎06-28-2023

So, as it turns out the above script does connect to and set active portal. The issue was in the aprx itself which did not also have the active portal set to the one connected to. Setting the active portal in the project resolved the issue.