Connectivity Issue After Upgrading Orchestrator v2019 To A Version With Identity In A Load Balancer Environment

An Identity error occurs after upgrading and changing the SSL certificate: all requests are redirected to identity/error?errorCode=invalid_request

Description

When upgrading Orchestrator from v2019 to a newer version in a multi-node environment with a configured Load Balancer, the access/redirect path changes from User -> Load Balancer -> Orchestrator to User -> Load Balancer -> Orchestrator -> Load Balancer -> Identity.

Certificate

In this scenario, the Load Balancer certificate must be created with both DNS names (Load Balancer and Orchestrator) in Subject Alternative Names and exported to all the Orchestrator nodes.

Load Balancer URL

The Load Balancer URL must be set in all the config files on all the Orchestrator nodes. To update the config files automatically, use the Platform Configuration tool to set the Load Balancer URL.

Read more in the Platform Configuration tool documentation.

Database

In the Orchestrator database, the table [identity].[ClientRedirectUris] must contain the Load Balancer URL in addition to the Orchestrator URL.

If the Load Balancer URL is not in [identity].[ClientRedirectUris], insert it manually and assign it to the ClientName from the [identity].[Clients] table, using ClientID as a reference.

Example:

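-- Replace "Load Balancer URL" with the Load Balancer host name and 4 with the ClientId of the client being updated.
INSERT INTO [identity].[ClientRedirectUris] ([RedirectUri], [ClientId])
VALUES ('https://Load Balancer URL/identity/management/callback', 4);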

Before making any changes to the database, it is recommended to take a full backup.
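
The following T-SQL is an added example, not a script from the original article or from UiPath. It generalizes the single INSERT above: for every redirect URI already registered under the Orchestrator URL, it adds the same path under the Load Balancer URL, skipping entries that already exist. Both host names are placeholders, only the columns shown in the article ([RedirectUri], [ClientId]) are used, and the script ends with ROLLBACK so the result can be reviewed first.

```sql
-- Added example: mirror Orchestrator redirect URIs onto the Load Balancer URL.
-- Both values below are placeholders; replace them with the real URLs (no trailing slash).
DECLARE @OrchestratorUrl nvarchar(400) = N'https://orchestrator.example.local';
DECLARE @LoadBalancerUrl nvarchar(400) = N'https://loadbalancer.example.local';

BEGIN TRANSACTION;

-- 1. Review what is currently registered for each client.
SELECT [ClientId], [RedirectUri]
FROM [identity].[ClientRedirectUris]
ORDER BY [ClientId], [RedirectUri];

-- 2. Copy each Orchestrator-based URI to the Load Balancer host, keeping the path
--    and the ClientId, unless that exact row is already present.
INSERT INTO [identity].[ClientRedirectUris] ([RedirectUri], [ClientId])
SELECT @LoadBalancerUrl
         + SUBSTRING(r.[RedirectUri], LEN(@OrchestratorUrl) + 1, LEN(r.[RedirectUri])),
       r.[ClientId]
FROM [identity].[ClientRedirectUris] AS r
WHERE LEFT(r.[RedirectUri], LEN(@OrchestratorUrl) + 1) = @OrchestratorUrl + N'/'
  AND NOT EXISTS (
        SELECT 1
        FROM [identity].[ClientRedirectUris] AS e
        WHERE e.[ClientId] = r.[ClientId]
          AND e.[RedirectUri] = @LoadBalancerUrl
                + SUBSTRING(r.[RedirectUri], LEN(@OrchestratorUrl) + 1, LEN(r.[RedirectUri]))
      );

-- 3. Show the Load Balancer entries as they would look after the change.
SELECT [ClientId], [RedirectUri]
FROM [identity].[ClientRedirectUris]
WHERE LEFT([RedirectUri], LEN(@LoadBalancerUrl) + 1) = @LoadBalancerUrl + N'/'
ORDER BY [ClientId], [RedirectUri];

-- 4. Dry run by default: change ROLLBACK to COMMIT once the rows above look correct.
ROLLBACK TRANSACTION;
```

Because the NOT EXISTS check makes the insert idempotent, the script can be rerun after a partial fix without creating duplicate rows.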