Categories
Azure Development Sitecore

Sitecore Identity Invalid redirect_uri

Sitecore Login Screen

The Issue

I recently ran into an error with a client where the Sitecore Identity, with no changes to the code or config: Invalid redirect_uri.

I ran through the logs and saw this new error:

2020-12-10T15:52:09.9647897+00:00 [ERR] (Sitecore STS/RD0003FF74FA60) Invalid redirect_uri: "https://site.com/identity/signin"

The logs for Sitecore Identity, in my case, were not logging to Application Insights but were instead logging to the file system.

I had to open the App Service Editor to check them and they are under the logs folder. The naming convention for the log files is “sts-DATE.log”, for example: “sts-20201210.log”.

This error turned out to be a red herring as none of the redirects/config had been touched since initial setup. 

The Solution for Sitecore Identity Error: Invalid redirect_uri

The error reported in the log initially led me down the wrong route of investigation, and my initial thoughts as to why the service could stop working without modification were correct. The logical diagnosis would include checking if any certificates had been updated recently. 

It turned out that the client had renewed their SSL certificates and this meant that the thumbprint registered in the config no longer matched the current certificate.

So if you have encountered the same issue, check:

1. The private SSL certificate’s thumbprint value that is being used for your Sitecore Identity. You can check this in Azure by opening the relevant app service and checking the TLS/SSL settings like so:

Azure Dashboard TLS/SSL Settings

2. The thumbprint value in the Sitecore.IdentityServer.Host.xml file. You can check this in Azure by opening up the App Service Editor, then going to the folder “Config/production”, as seen here:

App Service Editor IdentityServer Config Thumbprint Value

If the two values do not match, then update the config file to match the Private Certificate Thumbprint seen in the 1st screenshot. After, stop then start the App Service, and this should have fixed the issue.

If the issue still persists, be sure to also check CertificateStoreLocation and CertificateStoreName.

Happy Sitecoring! – BM 🙂 

You can find more info and documentation for Sitecore Identity here.

Check out my latest posts, or contact me if you have a query.

Leave a Reply

Your email address will not be published. Required fields are marked *