== [[https://iam.alaska.edu/|IAM]] / [[https://iam.alaska.edu/projects|Projects]] / [[https://iam.alaska.edu/shib|Shibboleth]] / [[ServiceCandidates|Service Integrations]] / ArcGIS == ArcGIS provides an online service that integrates with Shibboleth institutional logins. Initial documentation at vendor's site: http://doc.arcgis.com/en/arcgis-online/reference/configure-shibboleth.htm Those instructions are not generalized and require adaptation to a pre-existing environment. Several custom configuration steps required: 1. Manually add metadata provided by the vendor's tool. Metadata provided by James Elieff is minimal: {{{ University of Alaska University of Alaska https://uaa-geomatics.maps.arcgis.com }}} 2. Prevent signed assertions from the IdP by creating exemption in $SHIBBOLETH_HOME/conf/handler.xml: {{{ }}} 3. ArcGIS consumes "principal" as the unique identifier of users. Because the UA IdP allows authentication using different identifiers, the IdP may assign different identifiers to the "principal" attribute (that is, either the numeric Banner ID# or the name-based UA Username). To provide a predictable and relatively permanent identifier, the Banner ID #, create a specific attribute encoded as principal, but tied to Banner ID #: {{{ }}} A more robust definition is possible that would utilize the UA AD attribute uaIdentifier in case there is no record of the user in EDIR, or the EDIR record contains no value of BannerID. 4. Release the custom principal identifier, along with name and email address: {{{ }}}