
After logging in, you receive the message "ID3082: The request scope is not valid or is unsupported"


Information

 
Article Type: Solution Article
Scope/Environment: LiveContent Architect 10 or higher
Symptoms/Context
When logging in to the webclient or using one of the client tools, you receive the message "ID3082: The request scope is not valid or is unsupported". This error message appears if the relying parties are either not created in the STS database or are incorrect.
Resolution

Relying parties not created: 
When LiveContent Architect is installed for the first time, the entry points are not yet created in the STS database. They are created as soon as the webclient is accessed for the first time. In this scenario, however, the end points have not been created or the process failed to create them.

  1. Stop all Trisoft Component Services and Trisoft services.
  2. Browse via a file explorer to C:\InfoShare\Web\InfoShareSTS\App_Data
  3. Delete the current STS database IdentityServerConfiguration.SDF or IdentityServerConfiguration1_1.SDF
  4. Browse to the installation package (cd) \<InstallPackageName>\Websites\InfoShareSTS\App_Data
  5. Copy the IdentityServerConfiguration.SDF database to the location in step 2
  6. Open a command prompt with Admin rights
  7. Execute: IISRESET
  8. Open the STS website (HTTPS://<SERVERNAME.DOMAINNAME>/InfoshareSTS)
  9. Log in with the admin account
  10. Go to Administration --> Relying parties
  11. Check if the system has created the relying parties
If the Relying Parties have not been created, see the Documentation entries for either ISHTS or ADFS: 
https://docs.sdl.com/LiveContent/content/en-US/SDL%20Tridion%20Docs-v1.1.2/GUID-547F08CE-D78D-4AC1-B71F-D1CEB174E1F2

Certificate is too long:
When an encryption certificate is stored in the STS database, it is stored using Base-64 encoding. The maximum length of this is 4000 characters. If the certificate that is being used exceeds this number of characters, the application is unable to add the relying parties to the database, which results in the error "Unable to reach the repository 'admin'. ID3082: The request scope is not valid or is unsupported."

Step 1: Check if the certificate has more than 4000 characters:

  1. In Internet Information Services, open Server Certificates
  2. Locate the certificate that is being used
  3. Click the Details tab, and select Copy to File
  4. Click Next in the Certificate Export Wizard dialog
  5. In the next screen, choose a Base-64 encoded certificate
  6. Store it in a temporary location
  7. Click Finish to Export
  8. Edit the exported Base-64 certificate with Notepad (or your favorite editor)
  9. Remove Line 1 that starts with -----BEGIN CERTIFICATE-----
  10. Remove the last line that ends with -----END CERTIFICATE-----
  11. Make sure that all remaining entries are on one line without any spaces. Count the number of characters that you have. Note: in Notepad++ you can quickly see the number of characters in the status bar
  12. If the certificate exceeds 4000 characters, a new certificate has to be generated by the customer. For example, they can reduce the number of items in the Subject Alternative Names.
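
The count in Step 1 can also be done in PowerShell instead of by hand. The function below is an added example, not part of the original article or of the product; the function name Get-CertBase64Length, its parameters and the LocalMachine\My store location are assumptions, and 4000 is the limit this article states.

```powershell
# Added example: counts Base-64 characters the same way as the manual Notepad steps.
function Get-CertBase64Length {
    [CmdletBinding(DefaultParameterSetName = 'Store')]
    param(
        # Thumbprint of a certificate in the local machine Personal store (assumed location)
        [Parameter(Mandatory, ParameterSetName = 'Store')]
        [string]$Thumbprint,

        # Path to a Base-64 encoded file exported with the Certificate Export Wizard
        [Parameter(Mandatory, ParameterSetName = 'File')]
        [string]$Path,

        # Maximum length stated in this article
        [int]$Limit = 4000
    )

    if ($PSCmdlet.ParameterSetName -eq 'File') {
        # Drop the BEGIN/END lines, then remove every space and line break
        $body = Get-Content -LiteralPath $Path |
            Where-Object { $_ -notmatch '^-----(BEGIN|END) CERTIFICATE-----' }
        $base64 = ($body -join '') -replace '\s', ''
        # Throws if what remains is not valid Base-64 or not a certificate
        $raw  = [Convert]::FromBase64String($base64)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
    }
    else {
        # Strip spaces and hidden characters that copying a thumbprint can add
        $clean  = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        $cert   = Get-Item -LiteralPath "Cert:\LocalMachine\My\$clean" -ErrorAction Stop
        $base64 = [Convert]::ToBase64String($cert.RawData)
    }

    # Subject Alternative Name extension (OID 2.5.29.17), formatted one entry per line
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanCount = if ($san) {
        @($san.Format($true) -split "`r?`n" | Where-Object { $_.Trim() }).Count
    } else { 0 }

    [pscustomobject]@{
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint
        Base64Length = $base64.Length
        Limit        = $Limit
        ExceedsLimit = $base64.Length -gt $Limit
        SanEntries   = $sanCount
    }
}
```

Call it with `-Thumbprint` for a certificate already in the store, or with `-Path` for the file exported in the steps above; `ExceedsLimit` is true when the certificate is over the 4000-character limit.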

Step 2: Reinstalling Architect

If the certificate has changed, the best approach is to reinstall LiveContent Architect. This updates all files that use a thumbprint and reinitializes the STS database. The process automatically creates the relying parties.
