-
Title
Error “404 – File or directory not found” in One Identity Manager Portal when using Entra ID (OAuth / OpenID Connect) -
Description
The authentication flow occurs as follows:
- Access to the One Identity Manager Portal initiates a redirect to Microsoft Entra ID for authentication (OAuth 2.0 Authorization Code flow).
- Authentication completes successfully.
- Microsoft Entra ID redirects the browser back to the portal with an Authorization Code and State parameter in the URL.
- The request is rejected, and a generic 404 – File or directory not found error is returned.
-
Cause
The request is blocked by the IIS Request Filtering module because the URL length exceeds the default limit of 2,048 bytes.
This issue is specific to Microsoft Entra ID OAuth configurations due to the combined size of the following parameters:
-
Authorization Code
The OAuth token generated by Entra ID varies in size based on group memberships and security claims (commonly larger for guest or external accounts). -
Application State
The Angular Portal appends a state parameter (approximately 600–700 bytes) to support deep linking.
When combined, these parameters can exceed the default maxQueryString limit, causing IIS to reject the request.
-
-
Resolution
Workaround: Increase the maxQueryString value to 32,768 bytes.
To support larger OAuth tokens generated by Microsoft Entra ID, the query string and URL length limits must be increased.
For On-Premises: Update the portal’s web.config file as outlined below.
Steps
- Log in to the server hosting the One Identity Manager Web Portal.
- Locate the web.config file in the portal root directory.
- Create a backup of the file.
- Update the configuration to increase the limits to maxQueryString="32768 "
For IMOD environments: Please contact One Identity Support to request a review and update of the maxQueryString setting for the API/portal instance.
-
Change Request
649732