Sitecore CLI login error

Created: 12 Sep 2020, last update: 12 Sep 2020

Sitecore CLI login error .well-known/openid-configuration

I try to log in with the Sitecore Command Line Interface (CLI):

dotnet tool run sitecore login --authority https://sc10.identityserver --cm https://sc10.sc/ --allow-write true 

And I get an error. How do I fix it?

Logging in to Sitecore. You should see a browser window open shortly.
Error connecting to https://sc10.identityserver/.well-known/openid-configuration: Internal Server Error

or

Logging in to Sitecore. You should see a browser window open shortly.
Error connecting to https://sc10.identityserver/.well-known/openid-configuration: Bad Gateway

Even if your Sitecore 10 instance is working fine, your identity server could be broken. Verify that the Sitecore identity server is working properly by browsing to its URL (replace the hostname with yours):

https://sc10.identityserver

If this gives an error, you need to fix that first. Also check https://sc10.identityserver/.well-known/openid-configuration which should return a JSON document and not an error.
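A scripted version of this check, added here as an example (it is not code from Sitecore or from the original post). The function names Test-DiscoveryDocument and Invoke-DiscoveryCheck are made up for illustration, the sample body is constructed, and the field names are the standard OIDC discovery fields; the script also checks that the issuer matches the authority you pass to the CLI.

```powershell
# Added example, not Sitecore code. Emits one string per problem; no output means OK.
function Test-DiscoveryDocument {
    param(
        [Parameter(Mandatory)] [string] $Authority,
        [Parameter(Mandatory)] [int]    $StatusCode,
        [string] $Body
    )
    if ($StatusCode -ne 200) { "HTTP $StatusCode instead of 200: fix the identity server first"; return }
    try   { $doc = $Body | ConvertFrom-Json -ErrorAction Stop }
    catch { 'Body is not JSON (an IIS or proxy error page?)'; return }
    if ($null -eq $doc) { 'Body is empty'; return }

    # OIDC Discovery: issuer must match the URL the client was given (trailing slash ignored here).
    if ("$($doc.issuer)".TrimEnd('/') -ne $Authority.TrimEnd('/')) {
        "issuer '$($doc.issuer)' does not match authority '$Authority'"
    }
    foreach ($name in 'authorization_endpoint', 'token_endpoint', 'jwks_uri') {
        $uri = $null
        if (-not [Uri]::TryCreate([string]$doc.$name, [UriKind]::Absolute, [ref]$uri)) {
            "$name is missing or not an absolute URL"; continue
        }
        # Plain HTTP is acceptable only on loopback (local troubleshooting).
        if ($uri.Scheme -ne 'https' -and -not $uri.IsLoopback) {
            "$name uses $($uri.Scheme) on non-loopback host $($uri.Host)"
        }
    }
}

# Fetches the document from a live server and validates it (not called below).
function Invoke-DiscoveryCheck([string] $Authority) {
    $url = $Authority.TrimEnd('/') + '/.well-known/openid-configuration'
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing
        Test-DiscoveryDocument -Authority $Authority -StatusCode $r.StatusCode -Body $r.Content
    } catch { "Request to $url failed: $($_.Exception.Message)" }
}

# Constructed sample body (not captured from a real server): wrong scheme, missing jwks_uri.
$sample = @'
{"issuer": "http://sc10.identityserver",
 "authorization_endpoint": "http://sc10.identityserver/connect/authorize",
 "token_endpoint": "https://sc10.identityserver/connect/token"}
'@
Test-DiscoveryDocument -Authority 'https://sc10.identityserver' -StatusCode 200 -Body $sample
Test-DiscoveryDocument -Authority 'https://sc10.identityserver' -StatusCode 502 -Body '<html>Bad Gateway</html>'
```

To test your own server, call Invoke-DiscoveryCheck with the same value you pass to --authority.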

If you get an HTTP Error 500.19 – Internal Server Error about your web.config, you most likely do not have the correct version of the .NET Core Runtime and IIS support installed. Download it from: https://dotnet.microsoft.com/download/dotnet-core/2.1

Sitecore Identity Server requires the .NET Core 2.1.18 Windows Hosting Module. You can also find the version in the file Sitecore.IdentityServer.Host.runtimeconfig; there is version 2.1.16 in my Sitecore 10 version. Either way, download the Hosting Bundle, which includes the .NET Core Runtime and IIS support.
To check which runtimes are installed, run:

dotnet --list-runtimes

If you get an HTTP Error 502.5 - Process Failure, it could be an invalid license; see \sitecoreruntime\license.xml
You can turn on logging in the web.config by setting stdoutLogEnabled to true and manually creating a logs folder in the root of the app (for me, logging didn't work if I didn't create the log folder myself).

In my case it was logging empty files, which didn't help.
You can also run the identity server from the console.
Go to the application root and run:

dotnet Sitecore.IdentityServer.Host.dll

Perhaps you now see the error; if everything is okay, the output looks like this:

[20:58:42] Sitecore.Framework.Plugin.Web.WebCommand [Information] Starting web host
[20:58:43] Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager [Information] User profile is available. Using '"C:\\Users\\629401\\AppData\\Local\\ASP.NET\\DataProtection-Keys"' as key repository and Windows DPAPI to encrypt keys at rest.
[20:58:43] Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager [Information] Creating key {71b830c8-284e-4a2c-b313-f8305ba477a4} with creation date 2020-09-11 18:58:43Z, activation date 2020-09-11 18:58:43Z, and expiration date 2020-12-10 18:58:43Z.
[20:58:43] Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository [Information] Writing data to file '"C:\\Users\\629401\\AppData\\Local\\ASP.NET\\DataProtection-Keys\\key-71b830c8-284e-4a2c-b313-f8305ba477a4.xml"'.
[20:58:43] IdentityServer4.Startup [Information] Starting IdentityServer4 version "2.3.2.0"
[20:58:43] IdentityServer4.Startup [Information] Using the default authentication scheme "idsrv" for IdentityServer
Hosting environment: Production
Content root path: C:\inetpub\wwwroot\sc10dev.local.identityserver
Now listening on: http://localhost:5000
Now listening on: https://localhost:5001


If you like, you can also bypass IIS and log in through the listener you just started on localhost:

dotnet tool run sitecore login --authority http://localhost:5000/ --cm https://sc10.sc/ --allow-write true

Anyway, all of the above should help you find the issue and log in with the Sitecore Command Line Interface (CLI).