Invalid redirect_uri

SharonMeier · ‎03-17-2016

Is anyone familiar with Error: 400 (Invalid redirect_uri)? I have installed ArcGIS Server 10.4, GeoEvent Extension 10.4, Portal 10.4 and the ArcGIS DataStore, as well as web adapters. Have federated portal and server, and set my server as the hosting server in Portal. However, when I try to launch GeoEvent Manager I receive this Invalid redirect_uri error.

DennisGeasan · ‎03-22-2016

Hi Sharon,

I find the easiest way to get to 10.4 GEE Manager running on a federated AGS is from another machine on your network.

If accessing GEE manager on the machine it is running on, IE comes up blank, Chrome yields Error 400, or 500 if you use a Portal Token. Firefox eventually works but you have to import the SSL certificates from both AGS and Portal.

DG

KennethOGuinn · ‎04-13-2016

I have found that this is normally as a result of registering the web adaptor with Portal via one URL, and accessing it via another.

For example you browse to https://internalmachine.domain.com/portal and register your web adaptor with Portal.

Then you try to access the Portal via https://dnsalias.domain.com/portal. As a result the Portal basically says "hey, I was told to the web adaptor was at https://internalmachinename.domain.com/portal, but I see a connection coming from https://dnsalias.domain.com/portal, and I was never told to trust that URL, better be safe than sorry; invalid_uri redirect 400"

The easiest way I've found to resolve the issue is to unregister the web adaptor from Portal, and then in your browser with the URL you intend to access portal through like https://dnsalias.domain.com/portal, re-register it with portal. At that point Portal knows to trust the web adaptor from that location.

Please note that if you do unregister the Web Adaptor you will not be able to access your Portal via the web adaptor for the duration of it being unregistered.

This is a somewhat common issue for Esri Support Services, so if you have access to support, I'm sure they can walk you through the process of sorting this out.

If not, here is the documentation on how to unregister a web adaptor.

Unregistering ArcGIS Web Adaptor with Portal for ArcGIS—Installation Guides (10.4) | ArcGIS for Ser...

Here is the follow up doc on how to register it again.

Configure ArcGIS Web Adaptor—Installation Guides (10.4) | ArcGIS for Server

Hope this helps!

Ken O.

SimonJackson · ‎07-23-2016

Hi Kenneth OGuinn Thanks for this advice. However, how about this scenario...

Domain name = https://dnsalias.domain.com
The CNAME of this domain points to the IIS on an machine where I have 10.4.1 Portal, Server, Data Store and GeoEvent installed and federated. (e.g. https://machinename/arcgis/home)
Machine is on Azure, Windows Server 2012
The PFX certificate from https://dnsalias.domain.com has been applied to the root of IIS
Portal for ArcGIS and ArcGIS Server still using their Self Signed Certificates
I can access Portal for ArcGIS and ArcGIS Server via this DNS alias and login fine (e.g. https://dnsalias.domain.com/arcgis/manager
GeoEvent does not flow through IIS/Web Adapter, so have to hit it on https://machinename:6143/arcgis/home
But because this is not known/trusted by the Portal, then its going to give me the invalid_uri error

Any ideas on how to get around this? Really appreciate any help or pointers you can provide.
I saw a bug at 10.3 (fixed at 10.4) which suggests that this should be possible, I just imagine I need to make some additional config changes.

BUG-000092043 : The GeoEvent Processor in a federated ArcGIS for Server and Portal for ArcGIS environment does not allow users to login to environments which utilizes a DNS name for their Portal site.

DebendraBiswas1 · ‎07-04-2021

Hi @SimonJackson ,

Just want to know, did you ever get this resolved, I am stuck with same situation.

JiaLiu1 · ‎03-17-2022

Hi DebendraBiswas1, Did you find the answer? I'm stuck, too.

DebendraBiswas1 · ‎03-17-2022

Hi @JiaLiu1

My issue was that, whenever I was federating ArcGIS server, the ArcGIS server itself along with GeoEvent Manager were redirecting to portal login page and in a flick of a second redirecting to Error: 400 (Invalid redirect_uri) page.

My issue got resolved by updating the portal Web Adaptor URL from fully qualified domain name to internal server like https://hostname:7443/arcgis

Note that, you do not have to unregister the portal from web adaptor, you can just add /edit at the end of the url which will allow you to edit the configuration

https://<hostname>/portal/portaladmin/system/webadaptors/7658bc2b-45ca-4516-8252-e3440774b5c6/edit

Hope this helps.

Cheers

Debendra

JiaLiu1 · ‎03-17-2022

Hi Debendra, Many thanks for the quick response. My issue is different then. My setup is an Azure VM. In the Azure VM, I can get to GeoEvent Server through https://machinename:6143/geoevent/manager but get "This site can't be reached when I use https://fqdn:6143/geoevent/manager in the VM and from another machine. My understanding is for streaming services, I'll need the latter to work. The 6143 port is open in the VM. I don't what else I'm missing.

DebendraBiswas1 · ‎03-17-2022

Hi @JiaLiu1

Apologies for getting it wrong.

Regarding accessing GeoEvent manager from outside machine using FQDN, may I ask you what do you mean by opening the port..? Is this through window's firewall or you have configured an inbound rule to listen on port 6143. ?

Regards

Debendra

JiaLiu1 · ‎03-17-2022

Hi Debendra, I have similar setup as in your screenshot of the Azure VM Networking for port 6143. I don't think it's Windows Firewall, as in the VM I can access GeoEvent Manager using machinename:6143 but not fqdn:6143. Am I wrong?