Accessing Aras Innovator instance outside the network using Ngrok Tunneling
Hello Team, I have installed Aras Innovator 2023 on Windows Server 2022 successfully. I can log in to the Innovator Instance using the localhost URL on the server and the hostname_server URL on the same network machine without any error. I am using the Ngrok Tunneling Client to forward the static domain to the local host to access the innovator Instance outside the network. While doing so, I am receiving an error that states "Error: Cannot access OAuth Server due to CORS policies". Below is the command used for Ngrok tunneling cmd: ngrok --domain=xxx.yyy 80 --host-header=Access-Control-Allow-Origin where xxx.yyy is the static domain name Also, I have modified the below-given line in the <customHeaders> section of ...\Innovator\Server\web.config. WAS: <add name="Access-Control-Allow-Origin" value="*" /> IS: <add name="Access-Control-Allow-Origin" value="https://xxx.yyy" /> Finally, I followed the below steps to solve the issue which didn't help though. [Reference: https://github.com/ArasLabs/aras-workflow-approval/issues/1] The following steps will also avoid the CORS error: Open the IIS Manager. Select your Aras Innovator instance from the site list in the Connections pane. In the center pane, select HTTP Response Headers from the IIS section. In the Actions pane on the right, select Add… Add a header with the following values: Name: Access-Control-Allow-Headers Value: database, authpassword, authuser, soapaction, content-type Click Add… again and add another header with the following values: Name: Access-Control-Allow-Origin Value: https domain to whitelist or * Ngrok Log: Client Error: Note: The above approach is for testing purposes only.
Renewing expired Oauth certificates lead to error 502. What can be the reason?
Hi community, I have an older Innovator 12 instance were the OAuth certificates are about to expire. This topic is mentioned in this thread which also contains the current Aras solution to renew the certificates: link In short, we all have to update the certificates after two years to avoid the Vault server will not work anymore. If you update on a regular basis, this one is no relevant topic, as the certificates will be renewed by update. I used the solution to update the certificates on a 12SP7 test server and it worked fine. I tried the same solution on a 12SP10 instance and it didn´t work at all. At this instance I get following error: Innovator cannot be accessed at all and I don´t even make it to the login screen. Does anyone know, what can cause this issue and how to solve it? Many thanks for any help! Angela
Authority Mismatch on Settings vs. signin state after upgrading from R21 to R27
My R21 environment (dev) had no issues prior to applying the R27 patch. Can't get his resolved. Hopefully somebody else in thee community have had this and resolved this issue. From oidc-clinet-ts.min.js: this._settings.authority !== t.authority && r.throw(new Error("authority mismatch on settings vs. signin state"))
PWA Problem Report - Invalid Credentials?
Hello, Been trying to get the PWA Problem Reports Aras Labs up and running. Everything installed, followed the instructions and restarted IIS twice. But when trying to login, getting "Invalid Credentials" even though the same login and password work just fine logging in normally. This is on Aras "2023" / the current free version (V14?). Appreciate any assistance on this one!
Single sign-on to Aras Innovator using a proprietary authentication system
We have built a system that when you log in to a PC, that system can auto-login to multiple systems. We want to use our own authentication system to automatically log in to Aras Innovator. I would like some advice. ・Do you have any documentation that would be helpful? ・What information can I provide to get more detailed advice?
How to increase getFileURL token lifetime
Hello, I am currently writing a server method which will provides some data including file urls to our MES. To get file url I'm using the method innovator.getFileUrl(fileInfo.FileId, UrlType.SecurityToken)) that returns something like vaultAddress/vaultserver.aspx. The problem that we are currently facing is that the link bellow is valid only 2 minutes, so if the MES operator doesn't click on the 2 minutes, the file won't be downloadable. So I was wondering if we can increase the lifetime of the token and how can we do it ? Regards Florent
Instruction: How to Enable SSL in Aras Innovator V12 (or Fix Invalid Redirect_Uri)
Hello everyone, As I found myself struggling setting up SSL across multiple Aras Installations, I decided to write a short instruction. This instruction should fix error 'invalid redirect_uri'. 1. Enable SSL in Internet Information Services (IIS) In IIS, select your instance and under 'IIS' go to 'SSL Settings'. Make sure 'Require SSL' is checked and 'Client Certificates' is set to 'Ignore'. Depending on the modules you installed, make sure this setting is successfully applied to the following sub pages: Client, ConversionServer, NotificationServer, OauthServer, SelfServiceReporting, Server, Vault. 2. Install Notepad++ on the Innovator Server Install the latest version of Notepad++ or any similar tool that can replace text recursively in all files in a selected folder. 3. Replace HTTP instances with HTTPS In Notepad++ go to 'View > Find...' (or CTRL+F) and head over to the 'Find in Files' tab. Configure it as follows: Find what: http://localhost/ Replace with: https://[YOUR SERVER NAME / IP]/ Filters: *.* Directory: [THE ROOT DIRECTORY OF YOUR INSTALLATION – AN INNOVATOR FOLDER BY DEFAULT] Check: 'Include all sub-folders' Search mode: Normal Leave all unmentioned fields blank or unchecked Now click 'Replace in Files'. The process should take about 5 minutes so you can grab a cup of coffee. Once you return, about 30 instances should have been replaced. The 'redirect_uri' error should have been resolved and your browser will give you a SSL Certificate pop-up. Click 'OK' (only necessary once). I hope this helps. All the best from Almelo. Daan Update 2025: In newer versions of Innovator, much more than 30 instances will be found for replacement.Version 12 SP9 - Cannot access O Auth server 500 error
I installed ARAS 12 SP9 with dependencies of right version installed prior to it. Installation was successful. Post installation, I logged into ARAS webclient using edge & chrome and faced the error shown below These are the list of dependencies installed Why does it fail to load login screen?HTTP Error 502.5 - Process Failure - OAuth - Server
Hello, After installing ARAS Innovator 12 SP9 community edition, I got the HTTP Error 502.5 as I tried to login onto the new instance. First thing I did was checking the prerequisites for ARAS innovator, but everything was ok. So I started to analyse the underlying problem, and it turned out that the XML file .../OAuthServer/OAuth.config is not a valid XML document. At line 86, you find "1:" right before the "redirectUri" tag. Please remove this two characters and it will start to work. Hope this is helpful until this mistake is fixed. Best regards
OAuth - How to use Grant Type "Authorization Code" for token generation
Hi everyone, I recently read this excellent blog post about token authentication using the REST API for Innovator, and in it Christopher Gillis says that ' urrently, I believe "password" is the only authentication type allows [sic]. Aras as a whole is moving towards more types of authentication in 12.0, so this is likely to change in the upcoming releases.' With 12.0 released, I see that OAuthServer\OAuth.config now defines two allowedGrantTypes for the clientRegistry with ID "IOMApp": 'password' - the one that I have been using in my code when generating OAuth tokens for Innovator so far - but also 'authorization_code'. Hence, I was wondering if anyone knows a practical way yet to generate the access token with that grant type, instead of using "password"? Thanks a lot in advance for any info on this subject. Cheers, C
