FME Version
Introduction
ArcGIS Enterprise Portal supports various authentication methods (see here)
- Web tier Authentications -- Includes Basic, Digest, NTLM (Integrated Windows Authentication) and Kerberos (IWA and LDAP)
- SAML Authentication -- Enterprise Portal supports SAML 2.0 ( Single Sign-on SSO)
FME Desktop 2019.1 or prior versions support all the web-tier authentication methods only. Starting with FME Desktop 2019.2.3 +, both web-tier and SAML are now supported.
SAML Authentication users must create a Web Service (from the template) and then create a Web Connection based on the Web Service. This method also works with Portal authentication (but NOT with Web Authentication).
If you are trying to create an ArcGIS Online Web Connection, please use this article instead: How to Create an ArcGIS Online Web Connection (OAuth 2.0)
Step-by-Step Instructions
Part 1: FME Desktop
NOTE: This method only applies to ArcGIS Enterprise with SAML Authentication or a Built-in identity store.
1. Create an Application on Enterprise Portal
Let's start creating an application that will be used in FME Web Connection. Open your portal in any web browser and sign in as an Administrator account.
Go to your Content view and click on New item.
Choose ‘Application' and select Other application, then select Next.
Finally, fill in a Title and Tags if needed. Click Save to create the application.
This will open up the application that was just created. You can also find it on your contents page if you need to access it in the future.
In the application, go to Settings (top right corner).
Scroll down and go to App Registration.
Click on Registered Info. This section will provide you with an App ID and Secret to use in the Portal Web Service. Copy the App ID and Secret to a text editor, as we will need them in the next step.
NOTE: Click on Show Secret to expose the key.
2. Create a Web Service in FME Desktop (from Template)
Open FME Workbench.
Go to Tools, then select FME Options… Find and select Web Connections, then select Manage Services...
Click on the "+" drop-down menu on the bottom left corner Select Create From --> "Esri ArcGIS Portal(template)".
Give the Web Service a name of your choice; typically, it’s good to include Portal in the name.
Find the URLs listed in the Web Service. Change YOUR_PORTAL_HOST to your Portal hostname. For example, under Authorization Parameters, the URL is currently: https://YOUR_PORTAL_HOST/portal/sharing/rest/oauth2/authorize?response_type=code
For example, my Portal hostname is bp-portal.base.safe.com, I will change it to: https://bp-portal.base.safe.com/portal/sharing/rest/oauth2/authorize?response_type=code
The URLs to be replaced are:
- Authorization Parameters
- Retrieve Token Parameters
- Refresh Token Parameters
Next, replace the Client Id and Secret in the Web Service. Take the App ID previously copied and paste that into the Client Id section. Next, replace the Client Secret with the App Secret previously copied.
Click Apply to save your settings and then Close to close the dialog.
3. Create a Web Connection
After closing the Web Services page this should bring you back Web Connection page. However, if you closed the page, go to Tools > FME Options > Web Connection to reopen it.
Click on the + sign to add a new connection.
Select the Web Service created in Step 2 and give your web connection a name. Click on Authenticate.
This will open a prompt from ArcGIS Portal, add your credentials for ArcGIS portal and click Sign In.
4. Test the Connection
Add an Esri ArcGIS Portal Feature Service Reader to the canvas.
Under Dataset, add your Portal URL, for example, https://<YourPortalURL>/portal
In the Parameters, under Authentication Type set it to Web Service, which was created previously.
Under ArcGIS Portal Connection, select the connection made in the previous step.
Finally, under Feature Service, click the ellipsis to select any feature service. Click OK.
Click OK again and OK to create the reader. Click Run to test that the reader works! Keep the workspace open as we will use it in Part 2 if you also use FME Server.
Part 2: FME Server
We will go through a few extra steps to get this working in FME Server.
1. Add a Redirect URI to the Portal Application
From the Content page in your ArcGIS Portal. Find the application created in Part 1. Click Settings and find App Registration. Click Registered Info.
Click on Update. In the dialog for Redirect URI add your FME Server URL http://<yourServerhost>/fmeoauth Click Add and then Update.
2. Upload the Web Service to FME Server
Back in FME Workbench, go to Tools, then select FME Options… Find and select Web Connections, then select Manage Services…
Find the Web Service created in Part 1.
Add the client id and client secret from the Portal Application. Then, add your FME Server URL in the Redirect Uri http://<yourServerhost>/fmeoauth. Next, click OK. This will upload the web service to FME Server.
3. Publish the Workspace to FME Server
Click File, and select Publish to FME Server. Select your FME Server web connection and click Next.
Create a new repository called Portal. Under Workspace Name, enter PortalTest.fmw and click Next.
Upload the connection to FME Server by selecting it and clicking Next.
Click Publish.
4. Run the Workspace on FME Server
Go to your FME Server and select Run Workspace. Find the workspace that was just uploaded. Then, select Run to run the workspace. The workspace should run successfully and therefore the connection works.
Please note that web connections can also be created and managed from the Files & Connections page in FME Server. Please see the Web Connections documentation for more details.
Comments
0 comments
Please sign in to leave a comment.