What is the error fix for - " UiPath.IdentityServer.Web.Controllers.UI.ErrorController Got an IS4 error with id "xx", details: {"Error":"unauthorized_client", "ErrorDescription":"Unknown client or client not enabled", "RequestId": "xx", "ClientId":"xx"} " ?
Issue Summary:
An Orchestrator instance will have unique Client IDs and Secrets that are securely stored in the database. The aforementioned error occurs due to a mismatch in these IDs and secrets. This usually happens when:
- Manual changes are made within the client tables in the database
- A DB/Orchestrator migration is done improperly
- Some sort of DB corruption occurs
- An improper attempt to upgrade the Orchestrator instance or restore a previous instance is done
Manual Steps to Alleviate the Issue:
Note: These steps should not be performed unless absolutely required. Manual modifications like these may affect the robustness of the setup.
- Log into the SQL database and right-click on the "identity.Clients" table.
- Click on Select TOP 1000.
- Note down the clientID for "ClientName Orchestrator.S2S" and "Orchestrator.OpenID".
- Open the Orchestrator "UiPath.Orchestrator.dll.config" (2020.10) or "web.config" file (2020.4) in a text document and verify the following:
- The key IdentityServer.Integration.ClientId value matches the Orchestrator.S2S clientId from the database. If it does not, copy the database value into the orchestrator.dll.config/web.config
- The key ExternalAuth.System.OpenIdConnect.ClientId value matches the Orchestrator.OpenId clientId from the database. If it does not, copy the database value into the uipath.orchestrator.dll.config/web.config
- Verify IdentityServer.Integration.ClientSecret value as well in the uipath.orchestrator.dll.config/web.config file
- Verify ExternalAuth.System.OpenIdConnect.ClientSecret value as well in the uipath.orchestrator.dll.config/web.config file
- The value from [identity].[ClientSecrets] is a hashed value of the configuration one. Copy the configuration value and rehash it using https://cryptii.com/pipes/fpEyXg
- Perform "iisreset" and reload the Orchestrator website
- Update the value from the right side in the [identity].[ClientSecrets] and the affected functionality should start working.
- In case of connecting robots, the robots will need to be recreated for the Secret to reseed.