Depending on the User-Agent in the request header, SLIP security reacts differently. If UserAgent field contains *QGIS.* or *ArcGIS* then it accepts Basic Authentication. Otherwise, it will be redirected to single sign-on.
We’re working on extending the authentication flows for SLIP to include the Client Credentials and Resource Owner Password Credentials flows for OAuth2 to support a greater range of applications being able to use SLIP by simply configuring their existing software libraries that support most OAuth flows. This would include several of the software libraries and tools published by Esri that are limited to supporting the Client Credentials OAuth2 flow (eg. Esri Resource Proxy and ArcREST).
SLIP Maps – maps.slip.wa.gov.au
When accessing a secure SLIP Map via a web browser using Internet Explorer, Chrome or Firefox, a token-based authentication (SAML/ OAuth) is used to allow single sign-on.
This means that your username and password are requested only once, then future connections use the token or cookie to allow access. Clearing your browser cache or history will remove these cookies and you will be prompted to log in again. Using a private or incognito browser will not automatically log you in at future sessions and is best practice when using a public computer.
SLIP Data Services – services.slip.wa.gov.au
When connecting via a desktop, GIS client such as QGIS, GAIA or ArcGIS do not support the single sign-on token options SAML or OAuth and therefore use Basic Authentication.
This means that your username and password must be sent with every request. Generally these client applications will store the username and password within the application.
It is important to note that if you usually log into maps.slip.wa.gov.au by signing in with Google and want to use data services in a desktop GIS client, Google does not support Basic Authentication. Simply register a new SLIP account not linked to your Google account to use secure services in desktop GIS clients.