Is anyone familiar with Error: 400 (Invalid redirect_uri)? I have installed ArcGIS Server 10.4, GeoEvent Extension 10.4, Portal 10.4 and the ArcGIS DataStore, as well as web adapters. Have federated portal and server, and set my server as the hosting server in Portal. However, when I try to launch GeoEvent Manager I receive this Invalid redirect_uri error.
I find the easiest way to get to 10.4 GEE Manager running on a federated AGS is from another machine on your network.
If accessing GEE manager on the machine it is running on, IE comes up blank, Chrome yields Error 400, or 500 if you use a Portal Token. Firefox eventually works but you have to import the SSL certificates from both AGS and Portal.
I have found that this is normally as a result of registering the web adaptor with Portal via one URL, and accessing it via another.
For example you browse to https://internalmachine.domain.com/portal and register your web adaptor with Portal.
Then you try to access the Portal via https://dnsalias.domain.com/portal. As a result the Portal basically says "hey, I was told to the web adaptor was at https://internalmachinename.domain.com/portal, but I see a connection coming from https://dnsalias.domain.com/portal, and I was never told to trust that URL, better be safe than sorry; invalid_uri redirect 400"
The easiest way I've found to resolve the issue is to unregister the web adaptor from Portal, and then in your browser with the URL you intend to access portal through like https://dnsalias.domain.com/portal, re-register it with portal. At that point Portal knows to trust the web adaptor from that location.
Please note that if you do unregister the Web Adaptor you will not be able to access your Portal via the web adaptor for the duration of it being unregistered.
This is a somewhat common issue for Esri Support Services, so if you have access to support, I'm sure they can walk you through the process of sorting this out.
If not, here is the documentation on how to unregister a web adaptor.
Here is the follow up doc on how to register it again.
Hope this helps!
Hi Kenneth OGuinn Thanks for this advice. However, how about this scenario...
Any ideas on how to get around this? Really appreciate any help or pointers you can provide.
I saw a bug at 10.3 (fixed at 10.4) which suggests that this should be possible, I just imagine I need to make some additional config changes.
BUG-000092043 : The GeoEvent Processor in a federated ArcGIS for Server and Portal for ArcGIS environment does not allow users to login to environments which utilizes a DNS name for their Portal site.
Did anyone figure out a resolution to this? I just setup a 10.4.1 test environment, and decided to federate the ArcGIS Server that has GeoEvent ext on it (to try to fix authentication issues through PI Integrator). I get the same issue as the OP. Because GeoEvent manager runs on port 6143, Portal won't let you get to it.
Hi Susmita Duncan - perhaps we should team up. Im also setting up an environment for the PI Integrator on Azure, and with some help from Esri Support, have got this running now.
Can you explain a little more about your environment?
- are you using an external DNS?
- have you applied a domain/CA certificate to IIS or your DNS?
- Are you using IIS and the ArcGIS Web Adaptor?
I met the same problem - I have portal on FQDN, but the Geoevent was opening on localhost URL - I have changed the localhost to FQDN URL, and the GeoEvent manager opens fine.