Created: 12 Sep 2020, last update: 30 Jan 2022
Sitecore CLI login error .well-known/openid-configuration
I try to log in with the Sitecore Command Line Interface (CLI), but my Sitecore Identity Server was broken.
dotnet tool run sitecore login --authority https://sc10.identityserver --cm https://sc10.sc/ --allow-write true
And I get an error. How do I fix it?
Logging in to Sitecore. You should see a browser window open shortly.
Error connecting to https://sc10.identityserver/.well-known/openid-configuration: Internal Server Error
or
Logging in to Sitecore. You should see a browser window open shortly.
Error connecting to https://sc10.identityserver/.well-known/openid-configuration: Bad Gateway
Even if your Sitecore 10 is working fine, your identity server could be broken. Verify that your Sitecore Identity Server is working properly by browsing to its URL (replace the hostname with yours):
https://sc10.identityserver
If this gives an error, you need to fix that. Also check https://sc10.identityserver/.well-known/openid-configuration, which should return a JSON document and not an error.
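Getting JSON back is the first check; the login also depends on what that JSON says. The following is an added example, not code from this post or from Sitecore, and it goes one step further than the check above: it verifies the fields that OpenID Connect Discovery 1.0 marks as required and that the issuer and endpoints match the authority you pass to the CLI. The function name `Test-DiscoveryDocument` is hypothetical, and the sample documents are constructed, using the default IdentityServer4 endpoint paths.

```powershell
# Added example, not Sitecore code. Returns a list of problems; empty means OK.
function Test-DiscoveryDocument {
    param(
        [Parameter(Mandatory)][string]$Authority,  # the value passed to --authority
        [Parameter(Mandatory)][string]$Body        # raw body the endpoint returned
    )
    try { $doc = $Body | ConvertFrom-Json -ErrorAction Stop }
    catch { return ,@('body is not JSON (an IIS error page?)') }

    $problems = @()
    # Fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
    $required = 'issuer', 'authorization_endpoint', 'jwks_uri',
                'response_types_supported', 'subject_types_supported',
                'id_token_signing_alg_values_supported'
    foreach ($name in $required) {
        if ($doc.PSObject.Properties.Name -notcontains $name) { $problems += "missing field: $name" }
    }
    # The issuer has to be the authority the client was pointed at.
    $expected = $Authority.TrimEnd('/')
    if ("$($doc.issuer)".TrimEnd('/') -ne $expected) {
        $problems += "issuer '$($doc.issuer)' does not match '$expected'"
    }
    # Endpoints on another scheme or host point to a wrong binding or proxy setup.
    $origin = ([uri]$expected).GetLeftPart([System.UriPartial]::Authority)
    foreach ($name in 'authorization_endpoint', 'token_endpoint', 'jwks_uri') {
        $value = "$($doc.$name)"
        if ($value -and -not $value.StartsWith("$origin/", [StringComparison]::OrdinalIgnoreCase)) {
            $problems += "$name '$value' is not under $origin"
        }
    }
    return ,$problems
}

# Constructed samples: a healthy document, a misconfigured one, an error page.
$authority = 'https://sc10.identityserver'
$good = @{
    issuer = $authority
    authorization_endpoint = "$authority/connect/authorize"
    token_endpoint = "$authority/connect/token"
    jwks_uri = "$authority/.well-known/openid-configuration/jwks"
    response_types_supported = @('code')
    subject_types_supported = @('public')
    id_token_signing_alg_values_supported = @('RS256')
}
$bad = $good.Clone(); $bad.issuer = 'http://localhost:5000'; $bad.Remove('jwks_uri')
foreach ($body in ($good | ConvertTo-Json), ($bad | ConvertTo-Json), '<h1>HTTP Error 502.5</h1>') {
    "problems: " + ((Test-DiscoveryDocument $authority $body) -join '; ')
}
```

Against a live server, pass `(Invoke-WebRequest "$authority/.well-known/openid-configuration" -UseBasicParsing).Content` as the body; a 500 or 502 response makes `Invoke-WebRequest` throw before the check runs.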
If you get an HTTP Error 500.19 – Internal Server Error about your web.config, you likely do not have the correct version of the .NET Core Runtime and IIS support installed. Download it from: https://dotnet.microsoft.com/download/dotnet-core/2.1
Sitecore Identity Server requires the .NET Core 2.1.18 Windows Hosting Module. You can also find the version in the file Sitecore.IdentityServer.Host.runtimeconfig; in my Sitecore 10 version it says 2.1.16. Either way, download the Hosting Bundle, which includes the .NET Core Runtime and IIS support.
To check which runtimes are installed, run:
dotnet --list-runtimes
If you get an HTTP Error 502.5 - Process Failure, it could be an invalid license; see \sitecoreruntime\license.xml
You can turn logging on in the web.config: set stdoutLogEnabled to true and manually create a logs folder in the root of the app. (For me, logging didn't work if I didn't create the log folder myself.)
In my case it was logging empty files, which didn't help.
You can also run the identity server from the console.
Go to the application root and run:
dotnet Sitecore.IdentityServer.Host.dll
Perhaps you now see the error; if everything is okay, it looks like this:
[20:58:42] Sitecore.Framework.Plugin.Web.WebCommand [Information] Starting web host
[20:58:43] Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager [Information] User profile is available. Using '"C:\\Users\\629401\\AppData\\Local\\ASP.NET\\DataProtection-Keys"' as key repository and Windows DPAPI to encrypt keys at rest.
[20:58:43] Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager [Information] Creating key {71b830c8-284e-4a2c-b313-f8305ba477a4} with creation date 2020-09-11 18:58:43Z, activation date 2020-09-11 18:58:43Z, and expiration date 2020-12-10 18:58:43Z.
[20:58:43] Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository [Information] Writing data to file '"C:\\Users\\629401\\AppData\\Local\\ASP.NET\\DataProtection-Keys\\key-71b830c8-284e-4a2c-b313-f8305ba477a4.xml"'.
[20:58:43] IdentityServer4.Startup [Information] Starting IdentityServer4 version "2.3.2.0"
[20:58:43] IdentityServer4.Startup [Information] Using the default authentication scheme "idsrv" for IdentityServer
Hosting environment: Production
Content root path: C:\inetpub\wwwroot\sc10dev.local.identityserver
Now listening on: http://localhost:5000
Now listening on: https://localhost:5001
If you like, you can also bypass IIS and use the listener you just started to log in:
dotnet tool run sitecore login --authority http://localhost:5000/ --cm https://sc10.sc/ --allow-write true
Anyway, all of the above should help you find the issue and log in with the Sitecore Command Line Interface (CLI).
If the identity server works when you start it from the command line but not under IIS, try changing the Application Pool Identity from ApplicationPoolIdentity to NetworkService. That works for me to solve the:
HTTP Error 502.5 - Process Failure
Common causes of this issue:
- The application process failed to start
- The application process started but then stopped
- The application process started but failed to listen on the configured port
Troubleshooting steps:
- Check the system event log for error messages
- Enable logging the application process' stdout messages
- Attach a debugger to the application process and inspect
With this event log message (ErrorCode 0x80070005 is the Windows access-denied code):
Application 'MACHINE/WEBROOT/APPHOST/SC10U1IDENTITYSERVER.DEV.LOCAL' with physical root 'C:\inetpub\wwwroot\sc10u1identityserver.dev.local\' created process with commandline 'dotnet .\Sitecore.IdentityServer.Host.dll'but failed to get its status, ErrorCode = '0x80070005'.