Available Authentication Methods
The GENESIS system supports multiple authentication mechanisms, all with a common identity store. This means that, generally speaking, you can use the same credentials to authenticate with GENESIS regardless of the mechanism used to authenticate. The mechanisms supported vary depending on whether the device is connected to the GOA network or is connecting from the internet.
The supported authentication mechanisms for devices connecting over the internet are:
- ArcGIS Token Authentication (including anonymous public access)
- HTTP/Basic Authentication
ArcGIS Token Authentication
The ArcGIS token web-service endpoint URL is internet accessible, and will work from anywhere. The authentication mechanism is documented in the REST API documentation, and is fully compatible with ESRI/ArcGIS software, applications built with the ArcGIS Web APIs or ArcGIS Platform SDKs, or compatible third-party products like Geocortex Essentials. It can be used from any custom software that makes JSON REST web-service calls, whether written in Python, .NET, Java, PHP, or whatever suits you.
This mechanism is best suited for web applications where users are making direct requests to secured services or where users impersonate an application/service/headless account used to access services as part of an application session. Note that it can also be used without logging in (anonymously) with access to public services only.
HTTP/Basic Authentication
The HTTP/Basic authentication web-service endpoint URL is internet accessible, and will work from anywhere. As a broadly supported standards-based authentication mechanism, it provides a highly compatible way to connect to GENESIS web services. Connections using HTTP/Basic are often impractical, however, because the username and password must be provided on each request. Therefore, HTTP/Basic authentication is generally most useful for users looking to connect directly to services with their own credentials. It is generally less useful for application developers looking to integrate software components or present a seamless user experience in web applications.
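The two mechanisms described above differ in how often the password travels. The following Python sketch is an added example, not GENESIS code: it builds the per-request Basic header, shows that the header decodes straight back to the password, and prepares and validates a token exchange where the password is sent once. The endpoint URL is a placeholder, the helper names are hypothetical, and the field names follow the standard ArcGIS generateToken operation.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

# Placeholder endpoint (assumption); take the real URL from the REST API documentation.
TOKEN_URL = "https://genesis.example/arcgis/tokens/generateToken"


def basic_auth_header(username, password):
    """HTTP/Basic: this same header has to accompany every request."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_auth_header(header):
    """Base64 is an encoding, not encryption: the header yields the password."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password


def build_token_request(url, username, password, referer, minutes=60):
    """Form body for a generateToken POST; the password is sent once per token."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    fields = {"username": username, "password": password, "client": "referer",
              "referer": referer, "expiration": str(minutes), "f": "json"}
    return urlencode(fields).encode("ascii")


def parse_token_response(body, now_ms, skew_ms=60_000):
    """Return (token, expires_ms); ArcGIS reports failures as a JSON 'error' object."""
    doc = json.loads(body)
    if "error" in doc:
        err = doc["error"]
        raise PermissionError(f"{err.get('code')}: {err.get('message')}")
    token, expires = doc["token"], int(doc["expires"])
    if expires - skew_ms <= now_ms:
        raise ValueError("token already expired or about to expire")
    return token, expires
```

Checking the JSON body for an `error` object matters because ArcGIS services can return a failure payload with an HTTP 200 status, so the status code alone does not confirm that a token was issued.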
The GENESIS architecture can support virtually any form of authentication if required. We are open to expanding our current lineup of authentication solutions to include SAML-based solutions such as Alberta MyDigitalID, client-certificate authentication, etc. If custom solutions are required, please contact us.