Unable to access the Orchestrator Web Client with a redirect uri error.


Article ID: 325856


Updated On:


VMware Aria Suite


  • An error is received when navigating to the Orchestrator Web Client:
    "An error occurred during OAuth2 operation.  Please contact your administrator to resolve the issue.  {"error":"invalid_request","error_description":"Must provide a matching redirect uri"}"
  • The network load balancer hostname has recently been changed.



VMware vRealize Automation 7.x


  1. Find the client ID of the embedded vRO in the file /etc/vco/app-server/sso.properties
  2. Copy the value of the property 'com.vmware.o11n.sso.oauth.client.id'
  3. Decrypt the value of 'com.vmware.o11n.sso.oauth.client.id', passing the value copied in step 2 to --value:
     /usr/lib/vco/tools/configuration-cli/bin/vro-configure.sh decrypt --value vcoencrypted:{riv}dX5Bw6UfnbG7bH83HtiJDmqMeSqFhzEv5YN+UPbaucE=
  4. Enable the vIDM GUI from an SSH session on the vRealize Automation appliance:
     vcac-vami horizon ui enable
  5. Open a browser to the URL https://%FQDN%/SAAS/admin/
  6. Change the domain to "vsphere.local"
  7. Log in as "administrator"
  8. Navigate to Catalog > Settings > Remote App Access
  9. Search for the client_id that starts with "vco" in the Remote App Access list.
  10. Select the client_id that starts with "vco" and contains the value decrypted in step 3.
  11. Edit the Redirect URI to point to the network load balancing hostname.
  12. Save the configuration and exit the vIDM UI.
  13. Retest access to the embedded Orchestrator Web Client.
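
The "Must provide a matching redirect uri" error means the redirect_uri sent in the OAuth2 authorization request differs from the Redirect URI registered for the client_id. The following Python script is an added example (not part of the original article or any VMware tooling) that compares the two and reports which URL component differs. The hostnames, client ID, paths and the function name are constructed placeholders, and exact string matching of the redirect URI is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: hostnames, client ID and paths are placeholders.
REGISTERED = ["https://old-lb.example.com/vco/oauth"]
REQUEST = ("https://new-lb.example.com/authorize"
           "?response_type=code&client_id=vco-EXAMPLE"
           "&redirect_uri=https%3A%2F%2Fnew-lb.example.com%2Fvco%2Foauth")

URL_PARTS = ("scheme", "hostname", "port", "path", "query")


def diagnose_redirect(authorize_url, registered_uris):
    """Compare the redirect_uri of an OAuth2 authorization request with the
    redirect URIs registered for the client and list the parts that differ."""
    query = parse_qs(urlsplit(authorize_url).query)
    client_id = query.get("client_id", [None])[0]
    requested = query.get("redirect_uri", [None])[0]  # already URL-decoded
    result = {
        "client_id": client_id,
        "requested": requested,
        # Assumption: the server accepts only an exact string match.
        "match": requested in registered_uris,
        "differences": [],
    }
    if requested is None or result["match"]:
        return result
    req = urlsplit(requested)
    for registered in registered_uris:
        reg = urlsplit(registered)
        parts = [p for p in URL_PARTS if getattr(req, p) != getattr(reg, p)]
        result["differences"].append((registered, parts))
    return result


if __name__ == "__main__":
    report = diagnose_redirect(REQUEST, REGISTERED)
    print("client_id:", report["client_id"])
    print("requested redirect_uri:", report["requested"])
    print("matches a registered URI:", report["match"])
    for registered, parts in report["differences"]:
        print("registered:", registered, "-> differs in:", ", ".join(parts))
```

A difference in "hostname" only is the pattern expected after a load balancer rename; the client's Redirect URI is then corrected in the Remote App Access list as described in the steps above.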