Sitecore CLI login error

Created: 12 Sep 2020, last update: 28 Apr 2021

Sitecore CLI login error .well-known/openid-configuration

I try to login with Sitecore Command Line Interface (CLI) but my Sitecore identityserver was broken.

dotnet tool run sitecore login --authority https://sc10.identityserver --cm https://sc10.sc/ --allow-write true 

And I get an error how to fix?

Logging in to Sitecore. You should see a browser window open shortly.
Error connecting to https://sc10.identityserver/.well-known/openid-configuration: Internal Server Error

or

Logging in to Sitecore. You should see a browser window open shortly.
Error connecting to https://sc10.identityserver/.well-known/openid-configuration: Bad Gateway

Even if your Sitecore 10 is working fine, your identity server could be broken. Verify that your Sitecore identity server is working properly while browsing by going to the url (replace hostname with yours).

https://sc10.identityserver If this give an error you need to fix that. And check also the https://sc10.identityserver/.well-known/openid-configuration  This should give a JSON file and not an error.

If you have a HTTP Error 500.19 – Internal Server Error  about your web.config. Likely you do not have the correct version of .NET Core Runtime and IIS support. Download from: https://dotnet.microsoft.com/download/dotnet-core/2.1

Sitecore Identity server requires .NET Core 2.1.18 Windows Hosting Module, you can also found the version in file Sitecore.IdentityServer.Host.runtimeconfig there is version 2.1.16 in my Sitecore 10 version, but anyway download the Hosting Bundle which includes the .NET Core Runtime and IIS support.
To check which runtimes are installed run:

dotnet --list-runtimes

If you have a HTTP Error 502.5 - Process Failure it could be an invalid license see \sitecoreruntime\license.xml
You can turn the logging on in the web.config set stdoutLogEnabled to true, and create manual a logs folder in the root of the app. (for me logging didn't work if I didn't create the log folder myself)

In my case it was logging empty files that didn’t help.
You can also run the identyserver from the Console.
Go the application root and run:

dotnet Sitecore.IdentityServer.Host.dll

Perhaps you see now the error, or if is it is okay it looks like this:

[20:58:42] Sitecore.Framework.Plugin.Web.WebCommand [Information] Starting web host
[20:58:43] Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager [Information] User profile is available. Using '"C:\\Users\\629401\\AppData\\Local\\ASP.NET\\DataProtection-Keys"' as key repository and Windows DPAPI to encrypt keys at rest.
[20:58:43] Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager [Information] Creating key {71b830c8-284e-4a2c-b313-f8305ba477a4} with creation date 2020-09-11 18:58:43Z, activation date 2020-09-11 18:58:43Z, and expiration date 2020-12-10 18:58:43Z.
[20:58:43] Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository [Information] Writing data to file '"C:\\Users\\629401\\AppData\\Local\\ASP.NET\\DataProtection-Keys\\key-71b830c8-284e-4a2c-b313-f8305ba477a4.xml"'.
[20:58:43] IdentityServer4.Startup [Information] Starting IdentityServer4 version "2.3.2.0"
[20:58:43] IdentityServer4.Startup [Information] Using the default authentication scheme "idsrv" for IdentityServer
Hosting environment: Production
Content root path: C:\inetpub\wwwroot\sc10dev.local.identityserver
Now listening on: http://localhost:5000
Now listening on: https://localhost:5001


If you like you can also use this and bypass IIS and use the just started listener to login:

dotnet tool run sitecore login --authority http://localhost:5000/ --cm https://sc10.sc/ --allow-write true

Anyway, all of the above should help you to find the issue and be able to login with the Sitecore Command Line Interface (CLI)

If the identityserver works when you start commandline and not when using IIS try to set the Application Pool Identity from ApplicationPoolIdentity to NetworkService that works for me to solve the:

HTTP Error 502.5 - Process Failure

Common causes of this issue:

  • The application process failed to start
  • The application process started but then stopped
  • The application process started but failed to listen on the configured port

Troubleshooting steps:

  • Check the system event log for error messages
  • Enable logging the application process' stdout messages
  • Attach a debugger to the application process and inspect

With event log message:

Application 'MACHINE/WEBROOT/APPHOST/SC10U1IDENTITYSERVER.DEV.LOCAL' with physical root 'C:\inetpub\wwwroot\sc10u1identityserver.dev.local\' created process with commandline 'dotnet .\Sitecore.IdentityServer.Host.dll'but failed to get its status, ErrorCode = '0x80070005'.