The behavior of configuring the Allowed Cors Origin setting changed starting in Hyland IdP 2.6.0. A wildcard cannot be configured for the Allowed Cors Origin setting starting in Hyland IdP 2.6.0. If this setting contains a wildcard, the Hyland IdP returns the error Invalid client configuration for client X: AllowsCorsOrigin contains invalid origin: *.
To correct this error you must configure URLs for specific origins for the Allowed Cors Origins setting. This value can also be left empty if specific origin values are not required.