Sitecore CLI Non-Interactive User Not Created
I ran across an interesting issue in that I have 3 Sitecore environments that have the same configs required for non-interactive login with the Sitecore CLI. 2 of the 3 work without issue, but the 3rd was not creating the Sitecore CLI user despite having the same configuration files per: https://doc.sitecore.com/xp/en/developers/102/developer-tools/configure-a-non-interactive-client-login.html.
I checked that requiresUniqueEmail is false in the web.config, and all files are the same across environments (except for values that should be different like the URLs of the ID Service, CMS, and CliServerClient).
The issue is that the CLI User is not getting created in the CMS as a User like the other environments. I was wondering if I was missing a step in how this user account gets created as I thought this would create it:
dotnet sitecore login --authority https://<sitecore-identity-server> --cm http://<sitecore-instance> --allow-write true --client-credentials true --client-id <client-id> --client-secret <client-secret>
When I run this, it reports:
Login information has been saved.
However, when I try to run something such as a “dotnet sitecore ser push” it complains with the following error and there is no CLI User in the CMS:
You are not authorized to perform the task you are attempting. You may need to be assigned additional permissions.
1064 17:53:06 ERROR [Sitecore Identity] 'http://www.sitecore.net/identity/claims/originalIssuer' claim is missing
2820 17:53:06 ERROR Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationMiddleware - Authentication failed
Exception: System.InvalidOperationException
Message: Unable to create a user. Reason: InvalidPassword
Source: Sitecore.Owin.Authentication
   at Sitecore.Owin.Authentication.Identity.MembershipUserStore`1.CreateAsync(TUser user)
   at Microsoft.AspNet.Identity.UserManager`2.<CreateAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Sitecore.Owin.Authentication.Services.DefaultApplicationUserResolver.<ResolveApplicationUserAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Sitecore.Owin.Authentication.Pipelines.Initialize.BearerAuthenticationBase.<ResolveUser>d__34.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Sitecore.Owin.Authentication.Pipelines.Initialize.BearerAuthenticationBase.<ValidateIdentity>d__31.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationHandler.<Authent
How Was the Sitecore CLI Unable to create a user. Reason: InvalidPassword Resolved?
In my case, it was that in following the Sitecore Security Hardening to create a strong Password Policy (Enforce a strong password policy (sitecore.com)), the Regex of the passwordStrengthRegularExpression setting was the issue. The SqlMembershipProvider.GeneratePassword Method generates random passwords; however, it is not guaranteed to match the Regex. Specifically:
The random password created by the GeneratePassword method is not guaranteed to pass the regular expression in the PasswordStrengthRegularExpression property. However, the random password will meet the criteria established by the MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters properties.
SqlMembershipProvider.GeneratePassword Method (System.Web.Security) | Microsoft Learn
With this in mind (and thankful for the help from the Sitecore Community and Sitecore Support), I removed the passwordStrengthRegularExpression, as per Microsoft “the random password will meet the criteria established by the MinRequiredPasswordLength and MinRequiredNonAlphanumericCharacters”.
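
To check whether a configured passwordStrengthRegularExpression would reject auto-generated passwords before it blocks user creation, the following added example (not from the original post, Sitecore, or Microsoft) samples Membership.GeneratePassword against the regex. The web.config fragment and its regex are constructed, the function name Test-GeneratedPasswordPolicy is hypothetical, and it assumes Windows PowerShell 5.1 on .NET Framework.

```powershell
# Added example, not Sitecore or Microsoft code. Requires Windows PowerShell 5.1
# (.NET Framework), where System.Web.Security.Membership is available.
Add-Type -AssemblyName System.Web

# Constructed sample of a membership provider entry. The regex is a made-up
# strong-password pattern, not the one used in the post.
[xml]$config = @'
<membership>
  <providers>
    <add name="sql" type="System.Web.Security.SqlMembershipProvider"
         minRequiredPasswordLength="10" minRequiredNonalphanumericCharacters="1"
         passwordStrengthRegularExpression="^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\da-zA-Z]).{10,}$" />
  </providers>
</membership>
'@

function Test-GeneratedPasswordPolicy {
    param([System.Xml.XmlElement]$Provider, [int]$Samples = 10000)

    $pattern = $Provider.GetAttribute('passwordStrengthRegularExpression')
    if (-not $pattern) { return 'No passwordStrengthRegularExpression configured.' }

    # Assumption: generate at exactly the configured minimums; the provider
    # itself may produce longer passwords.
    $length   = [math]::Max(1, [int]$Provider.GetAttribute('minRequiredPasswordLength'))
    $nonAlnum = [int]$Provider.GetAttribute('minRequiredNonalphanumericCharacters')
    $regex    = [regex]::new($pattern)

    # Count generated passwords that the strength regex would reject.
    $failures = 0
    for ($i = 0; $i -lt $Samples; $i++) {
        $password = [System.Web.Security.Membership]::GeneratePassword($length, $nonAlnum)
        if (-not $regex.IsMatch($password)) { $failures++ }
    }

    [pscustomobject]@{
        Provider    = $Provider.GetAttribute('name')
        Samples     = $Samples
        Failures    = $failures
        FailureRate = '{0:P1}' -f ($failures / $Samples)
    }
}

foreach ($provider in $config.membership.providers.add) {
    Test-GeneratedPasswordPolicy -Provider $provider
}
```

Any non-zero failure rate means automatic user creation can fail intermittently with InvalidPassword, depending on which random password is generated.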