How do I resolve Error: 400 Invalid redirect_uri when attempting to sign into Portal?

WilliamDeGraw · ‎08-28-2018

Setting up test environment for ArcGIS Enterprise. Portal and it's Web Adaptor installed, setup SSL, added a few entries into the hosts file to get networking to direct my URL (https://domain.com/portal/home) to a sign in page. When I click the 'sign in' link in the upper right, the result is Error: 400 Invalid redirect_uri.

I'm using ESRI documentation - installation guides - to setup ArcGIS Enterprise...and this error surprised me.

What step did I miss? What do I need to do in Portal Admin directory? Portal logs look ok...only weird entry so far is re-occuring daily 'The database server was found to be stopped. Re-starting it.' This is the internal DB on the Portal server?

Only account that exists at this time is the Portal Admin created at install.

On screen options are home link that complains about an outdated URL for Portal Sharing and the other..."create an account'.

Created an account successfully, but when I click on 'Organization'...I get directed to the URL https://webadaptorHostName/portal/home/organization.html and browser says cannot connect

So does it look like a networking issue, like missing DNS entries or is this something I need to add/configure in Portal Admin directory?

JonathanQuinn · ‎01-17-2019

If you were to check the network traffic, what is the Location header set to when it redirects? Is it set to https://gistst.abc.com/portal? Did you set the Host header within your load balancer? I used to see that same error with HAProxy until I set the Host header. I don't have any familiarity with F5 but the following link may help:

iRule - Add Host Header

Looks like the folllowing line adds the Host header.

HTTP::host test.domain.com

Also make sure you're setting the X-Forwarded-Host header.

JeffThornton · ‎11-26-2019

Brad,

I need help! We have a F5 device that scans encrypted traffic (443) and converts it to http (80) and the F5 also functions as a load balancer as well. I need to get portal for ArcGIS Enterprise setup.

Thanks,

Jeffrey Thornton

jaykapalczynski · ‎01-17-2019

????? Didnt read to much into this but how about this

Set the WebContextURL with this workflow:

Do the following to change the WebContextURL:
Open a web browser and sign in to the ArcGIS Portal Directory as a member of the default administrator role in your portal organization. The URL is formatted https://portal.domain.com:7443/arcgis/portaladmin.
Click System > Properties > Update Properties.
On the Update System Properties dialog box, insert the following JSON, substituting your own reverse proxy server or DNS alias URL as seen by users outside your organization's firewall.
    {
       "WebContextURL": "https://xxxxxxx.gov/portal"
    }

To resolve the invalid_redirect_URI, see the attached PDF.

Accessing the Portal using the native 7443 port uses a different certificate than what is installed in IIS. We can secure the Portal over the 7443 port, but it's not usually a necessity since all users are accessing using the web adaptor IIS.
http://enterprise.arcgis.com/en/portal/latest/administer/windows/import-a-certificate-into-the-porta...

JonathanQuinn · ‎01-17-2019

The invalid redirect_uri problem is due to the host you're using to reach the home application not being in the list of valid URI's for the sign in mechanism, (oauth). See my comment here on how to resolve it:

https://community.esri.com/thread/204996-invalid-redirect-when-logging-into-portal-for-arcgis#commen...

Re-registering or editing the web adaptor URL, or re-setting the Web Context URL can help as well as that triggers the logic to update the list of URI's.

BradGeerdes · ‎01-23-2019

Hello - Thanks for all of the suggestions! We ended up narrowing our issue to an F5 (hardware based load balancer) issue. We are documenting and I will follow up with the documentation here. Thanks again!

BradGeerdes · ‎01-24-2019

To resolve the issue, we adjusted F5 to use port 443 instead of port 80 and added a server side SSL profile in F5. Basically, our IT was not familiar with Esri products and had never needed to create a server side SSL profile - so this was a first. Hope this helps someone.

Anonymous User · ‎09-13-2019

You may also try using a different browser, especially if you are using IE. Try Chrome or Firefox.