Sign In screen error when accessing Portal via Azure AD

05-08-2023 05:13 PM
LeoFothergillMTA
New Contributor

Following a recent upgrade from ArcGIS Enterprise 10.8.1 to 11.1 we are now getting an error when we select the sign in screen while accessing Portal via Azure AD.  When users connect to the Portal through the myapps.microsoft.com link they can connect to the Portal Home page and view the Gallery but when the 'Sign In' button is selected it returns:

ArcGIS Portal Directory
Error
Invalid redirect_uri
Error: 400
 
We only have the ArcGIS Login enabled, there is no SAML Login or Open ID Connect Login enabled.

The internal URL to Portal still allows us to access the Sign In screen and sign in using the ArcGIS Login as before.  Does anyone have ideas how we can address this?


Accepted Solutions
A_Wyn_Jones
Esri Contributor

You can view the valid redirect URLs for your portal by going to:

https://<fqdn>/<PortalWebAdaptor>/portaladmin/security/oauth/getAppInfo?appID=arcgisonline&f=html

You can view the current redirect URL being used if you select "copy URL" for the sign-in button (or cancel the webpage quickly before it errors). It looks like this:

redirect_uri=https%3A%2F%2F<FQDN>%2FWebAdaptorName%2Fhome%2Faccountswitcher-callback.html

A word of warning, you should access the Portal using the designed/intended URL. If you manage to allow another redirect to browse the portal, creating content (if it allows you) with this alternative URL will bind the content to this URL and make the content unusable via the designed URL. 

"We've boosted the Anti-Mass Spectrometer to 105 percent. Bit of a gamble, but we need the extra resolution."
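The comparison described in the reply above can be scripted. This is an added example, not part of the original post or Esri's code: it decodes `redirect_uri` from a copied sign-in URL and reports which component differs from each registered entry. The hostnames, the sample URL and the prefix-matching rule are constructed assumptions; paste in the values your own `getAppInfo` page shows.

```python
from urllib.parse import urlsplit, parse_qs

def extract_redirect_uri(sign_in_url):
    """Return the percent-decoded redirect_uri from a copied sign-in URL."""
    values = parse_qs(urlsplit(sign_in_url).query).get("redirect_uri")
    if not values:
        raise ValueError("no redirect_uri parameter in URL")
    return values[0]  # parse_qs has already percent-decoded it

def normalize(uri):
    """Split a URI into (scheme, host, port, path) with defaults filled in."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or {"https": 443, "http": 80}.get(scheme)
    return scheme, host, port, parts.path

def diagnose(redirect_uri, registered):
    """Return (ok, findings); findings lists the differing parts per entry.

    Assumption: a registered entry matches when scheme, host and port are
    equal and its path is a whole-segment prefix of the redirect path.
    """
    r = normalize(redirect_uri)
    findings = []
    for entry in registered:
        e = normalize(entry)
        diffs = [n for n, a, b in zip(("scheme", "host", "port"), r, e) if a != b]
        prefix = e[3].rstrip("/")
        if not (r[3] == prefix or r[3].startswith(prefix + "/")):
            diffs.append("path")
        if not diffs:
            return True, []
        findings.append((entry, diffs))
    return False, findings

# Constructed sample: sign-in link copied while browsing via an external name.
SAMPLE_SIGN_IN = (
    "https://maps.example.com/portal/sharing/rest/oauth2/authorize"
    "?client_id=arcgisonline&response_type=token"
    "&redirect_uri=https%3A%2F%2Fmaps.example.com%2Fportal%2Fhome"
    "%2Faccountswitcher-callback.html"
)
# Constructed sample: entries as read from the getAppInfo page.
REGISTERED = ["https://gis.internal.example.com/portal"]

if __name__ == "__main__":
    uri = extract_redirect_uri(SAMPLE_SIGN_IN)
    ok, findings = diagnose(uri, REGISTERED)
    print(uri, "->", "registered" if ok else findings)
```

A `host` difference in the output means the portal is being reached under a name that is not registered for the app.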


4 Replies
Scott_Tansley
MVP Regular Contributor

Have you checked this in 'InPrivate' mode, or have you cleared your browser cache? It sounds like the sort of thing that would happen from not doing so.

Sorry I have very limited time to get drawn into this one at the moment, but need to confirm the obvious.

Scott Tansley
https://www.linkedin.com/in/scotttansley/
LeoFothergillMTA
New Contributor

Thanks Scott.  I tried both of those things and I am still getting the same error.

ReeseFacendini
Esri Regular Contributor

This sounds like a DNS problem, where the DNS coming from the MS Apps link is different than the internal DNS. Portal for ArcGIS only supports a single DNS, and presents the error above when anything but that single entry is used.
