OSP logs show "redirect_uri" error - Cannot access UserApp

  • 7017726
  • 15-Jun-2016
  • 16-Jun-2016


IDM Roles Based Provisioning Module 4.5
One SSO Provider 5.x, 6.x


All IDM 4.5 Apps deploy correctly after installation, as is seen in catalina.out. However, when accessing links like /IDMProv and /landing, there are clear OSP errors. Most commonly, is seeing the below error when accessing /IDMProv -


While the above error could be related to many things, in this particular scenario the osp-idm.*.log (* being the current date) indicated the following error "Client "redirect_uri" did not validate against registered urls!":

You can find this log in the same directory as catalina.out, the following are default locations -

Linux - /opt/netiq/idm/apps/tomcat/logs

Windows - C:\netiq\idm\apps\tomcat\logs


To resolve this issue, please confirm your OSP redirect url settings that can be found in the ./configupdate.sh (or ./configupdate.bat) file. Navigate to the "SSO Clients" tab. In each of these sections, verify the entry for "OSP Oauth redirect url." Make sure none of them are set to localhost, and make sure they are either all IP address, or all Hostname. Also make sure that all information that proceeds after the Hostname (and port, if applicable) can be left alone.

The below image points out settings you should confirm.