Invalid redirect when logging in to Portal for ArcGIS 10.3

01-13-2015 12:53 PM
Esri Contributor

Anyone installed Portal for ArcGIS successfully on Azure? I get the following when trying to log in with the external DNS:


ArcGIS Portal Directory | Home


Invalid redirect_uri


Error: 400


Note: At 10.2.2 I do not experience this issue.

Tags (2)
9 Replies
Esri Contributor

The issue seems to be with the web adaptor registration. It registers with the local FQDN (internal), for example:

What is required is for the outermost facing URL which is normally:

Take the following steps:

1. Go to the portaladmin site > system > web adaptor > click on web adaptor ID > You will notice that the webAdaptorURL is the internal one.

2. To change this, append '/edit' to the URL and you can update the webAdaptorURL to the external DNS.image.png

Occasional Contributor III

So what is going on when this does not exist on my Portal?

If I click Home >> System >> Web Adaptors    -  it is empty.  there is just a Resources: Configuration

Yet, my web adaptor is set up.

0 Kudos
Esri Contributor

I am not sure why it is not appearing in the portal administrator directory but you might be able to format the URL by browsing to your webadaptor.config file for the Portal for ArcGIS Web Adaptor. Open the file and view the <ID> tag. For example:


You can then append this to the URL so, for example:


Occasional Contributor III

Hi, thank you for the response.

I was able to get further, now on to the next hurdle...

I sign in.. and the middle section disappears, but nothing happens.  I can manually go to /organization.html, but then it reverts back to login saying I am not logged in.

portal 10.3.1- fresh install - fails to log in

0 Kudos
New Contributor III

Hi Chris, I had the same problem, It worked for me, great help

Occasional Contributor II


I encountered this same problem when i was doing my install and this seemed to be the fix.

However does this mean there are two sites out there now, one that use the FDQN and one that doesnt?

0 Kudos
New Contributor III

Hi Chris,

I have a similar login problem. My web adaptor is configured with a machine name and a web adaptor URL. However, when I click the login button it still changes the url and attempts to log in with the machine name, then going into an endless loop with SAML. Do you have any idea what could be going on..?


0 Kudos
MVP Regular Contributor

I had a similar problem on my Windows network system.  Seems it was because I had initially setup things using our internal network names (before installing our SSL certs).  I needed to unregistered portal from the Web Adapter and then go through the setup using the public domain name the cert was applied to.

Occasional Contributor III

I found out what is the real method to have a fully working installation of the web adaptor.

Basically, when you install and launch web adaptor, it opens upo in the browser with a URL like "http:\\localhost\arcgis\webadaptor". The protocol (HTTP) and web adaptor name (arcgis) might be different depending on what was specified during installation. If you want to access (e.g.) Portal for ArcGIS from an external machine, YOU HAVE to change the web adaptor URL in the browser to point to a domain which is accessible from outside, and that has a SSL certificate installed.

So, if you already have configured it "the wrong way", you have to first unregister the webadaptor (Unregistering ArcGIS Web Adaptor with Portal for ArcGIS—Installation Guides (10.5) | ArcGIS Enterpri... ).

Then, UNINSTALL it, and reinstall it, changing the URL as I said.

Then, once inside the configuration, just specify the external domain again and you'll see that everything will work just fine.

If you don't change the URL in the browser as I said, it will finish configuring succesfully, you will be able to access the Portal for ArcGIS from outside the server machien wirth the external domain name, BUT as long as you try to log in, you won't be abkle to continue as this procedure will point to the server internal machine name (Fully Qualified Domain Name, or FQDN), which in most of the case is not accessible from a machine which is not the server itself.

NOTE: if you (like me) install ArcGIS Enterprise using ArcGIS Enterprise Builder, it will automatically configure the web adaptors (one for portal, one for sever) with the FQDN. You have to do what I wrote in order to make it work correctly.

Hope this will be of help.


Apparently, this will somehow break ArcGIS Server login.

If you press login in the /rest/services, it will stuck to a blank page, the URL being https://<YOUR_EXTERNAL_DOMAIN>/server/login/?returnUrl=https:/<YOUR_EXTERNAL_DOMAIN>/server/rest/services .

Looking at the dev console, it seems to try to get stuck at this request:


So, again, the FQDN is back (don't know why??!!), and it's preventing ArcGIS Server REST (and MANAGER) from logging in from a machine that is not the server itself.


  • go to your ArcGIS Server Administrator directory (
  • in security -> config and click on "update" (at the bottom of the page).
  • change "Authentication tier" from ARCGIS_PORTAL to GIS_SERVER.
  • click "Update".

Now, the authentication should work. I don't know if this thing is working wether the server is federated/registered with the portal or not (still struggling to understand this).


Ok, so... I also had problems with federating/unfederating register/unregister the server with the Portal (which, as far as I know, is key if you want to be able to publish MapServices from ArcGIS Pro to ArcGIS Server passing through Portal).

Maybe the key element is in this requirement, will come back to this if I'll find out.

If you'll be federating your site with Portal for ArcGIS, it's recommended you configure your organization's domain name service (DNS) to include fully qualified domain name (FQDN) entries for each site you intend to federate with the portal. Portal for ArcGIS will request the FQDN of each site when you federate.