26

After installing 9.1 I see the following error on the login screen:

Error Message

Steps I followed:

  1. Updated XP0-SingleDeveloper with ".dev.sc.local" to the site names
  2. Ran the installation using XP0-SingleDeveloper.ps1 and SIF 2.0
  3. Updated IIS host binding to use https for "sc910.dev.sc.local".

Update

While setting up a new 10.2 instance I encountered the error "invalid_request". This was caused by the AllowedCorsOrigins not containing the correct url. The log messages in Identity showed something like the following:

Invalid redirect_uri: "https://scmsx.int.sxp.local/identity/signin"

Turns out I mistakenly put the wrong url in the Sitecore.IdentityServer.Host.xml file.

<?xml version="1.0" encoding="utf-8" ?>
<Settings>
  <Sitecore>
    <IdentityServer>
      <Clients>
        <DefaultClient>
          <AllowedCorsOrigins>
            <!-- This should show scmsx instead of identityx -->
            <AllowedCorsOriginsGroup1>https://identityx.int.sxp.local</AllowedCorsOriginsGroup1>
          </AllowedCorsOrigins>
        </DefaultClient>
      </Clients>
    </IdentityServer>
  </Sitecore>
</Settings>

3 Answers

47

After speaking with my friend @kamsar, he pointed out the CORS origin on the Identity Server Instance needs an update.

The Identity Server doesn't allow logging in from just any url, for security reasons.

  • Open the file C:\inetpub\wwwroot\sc910.identityserver.dev.sc.local\Config\production\Sitecore.IdentityServer.Host.xml
  • Add a new AllowedCorsOriginsGroupN (optionally use a pipe delimiter pointed out by @monkey-dsc)
  • Recycle the Identity Server Application Pool

Below you can see the new setting added as Group2:

<AllowedCorsOrigins>
  <AllowedCorsOriginsGroup1>http://sc910.dev.sc.local</AllowedCorsOriginsGroup1>
  <AllowedCorsOriginsGroup2>https://sc910.dev.sc.local</AllowedCorsOriginsGroup2>
</AllowedCorsOrigins>


8

In addition to Michael's correct answer: it is also possible to define the AllowedCorsOrigins pipe-separated. I also got stuck on this and found the description in the IdentityServer WDP zip (parameters.xml):

<parameter name="AllowedCorsOrigins" description="Pipe-separated list of instances (URIs) that are allowed to login via Sitecore Identity.">
  <parameterEntry kind="TextFile" scope="website\\config\\production\\Sitecore.IdentityServer.Host\.xml" match="PlaceholderForClientOriginsGroup" />
</parameter>

You can define the Origins like that:

<AllowedCorsOrigins>
  <AllowedCorsOriginsGroup1>http://sc910.dev.sc.local|https://sc910.dev.sc.local</AllowedCorsOriginsGroup1>
  <AllowedCorsOriginsGroup2>http://otherhost.dev.sc.local|https://otherhost.dev.sc.local</AllowedCorsOriginsGroup2>
</AllowedCorsOrigins>
3
  • 1
    I see value in using the pipe delimiter in order to make these entries match those from sxa tenants. Commented Dec 17, 2018 at 13:06
  • 1
    Do you have an example of how to apply this as a patch? Something that can be dropped into a folder? Commented Dec 17, 2018 at 13:15
  • Unfortunately not :( It is set by the XP0-Single-Developer.ps1 --> $AllowedCorsOrigins = "http://$SitecoreSiteName"... Maybe you can adjust the script to have more $SitecoreSiteNames. Commented Dec 18, 2018 at 12:12
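
The steps from the two answers above (add an AllowedCorsOriginsGroupN entry, recycle the Identity Server application pool) as a script that also reads existing pipe-separated groups and only accepts an exact scheme-and-host origin. This is an added example, not code from the posters or from Sitecore; the app pool name, the default `$Origin` and the `.bak` backup copy are assumptions.

```powershell
# Added example. Values marked "assumption" do not come from the original page.
param(
    [string]$ConfigPath = 'C:\inetpub\wwwroot\sc910.identityserver.dev.sc.local\Config\production\Sitecore.IdentityServer.Host.xml',
    [string]$Origin     = 'https://sc910.dev.sc.local',          # assumption: the CM site origin to allow
    [string]$AppPool    = 'sc910.identityserver.dev.sc.local'    # assumption: pool is named after the site
)

# An allowed origin is scheme + host (+ port) only: refuse paths, queries and wildcards
# so the allow-list never becomes broader than the exact site that must log in.
$uri = [Uri]$Origin
if ((-not $uri.IsAbsoluteUri) -or ($uri.Scheme -notin 'http','https') -or
    ($uri.AbsolutePath -ne '/') -or $uri.Query -or $uri.Fragment) {
    throw "Not a bare http(s) origin: $Origin"
}
$Origin = $uri.GetLeftPart([UriPartial]::Authority)   # lower-cases host, drops trailing slash

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)
$node = $xml.SelectSingleNode('/Settings/Sitecore/IdentityServer/Clients/DefaultClient/AllowedCorsOrigins')
if (-not $node) { throw "AllowedCorsOrigins not found in $ConfigPath" }

# Each AllowedCorsOriginsGroupN holds one origin or a pipe-separated list of origins.
$groups  = @($node.SelectNodes("*[starts-with(name(),'AllowedCorsOriginsGroup')]"))
$allowed = $groups | ForEach-Object { $_.InnerText -split '\|' } |
           ForEach-Object { $_.Trim().TrimEnd('/') } | Where-Object { $_ }

# http://host and https://host are different origins, so a scheme mismatch shows up here.
if ($allowed -contains $Origin) {
    Write-Host "$Origin is already allowed; nothing to change."
    return
}

# Append the origin as the next free AllowedCorsOriginsGroupN element.
$max  = ($groups | ForEach-Object { [int]($_.Name -replace '\D') } | Measure-Object -Maximum).Maximum
$new  = $xml.CreateElement("AllowedCorsOriginsGroup$([int]$max + 1)")
$new.InnerText = $Origin
[void]$node.AppendChild($new)

Copy-Item $ConfigPath "$ConfigPath.bak" -Force   # rollback copy (assumption: .bak beside the file)
$xml.Save($ConfigPath)

# Recycle the Identity Server application pool so the new allow-list is loaded.
Import-Module WebAdministration
Restart-WebAppPool -Name $AppPool
Write-Host "Added $Origin as $($new.Name) and recycled $AppPool."
```

Run it from an elevated PowerShell session on the server that hosts the Identity Server site.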
6

I tried using https instead of http to access my local Sitecore admin panel, like this:

https://site.local/sitecore

and it worked. Remember, every request in Sitecore 9.1 needs to be in secure SSL, so use only https! Hope it helps someone.

1
  • It helped me. I tried with https and it worked for me. Thanks Commented May 10, 2019 at 18:42
