Active Directory login - HTTP 500

Hi there

I’ve configured both of my instances (one prod, one test) to work with AD logins. The prod one works fine. The test one… half so :)

What happens is the following: when the users log in via the form (i.e. provide their AD username and password) it works. But when they click the “sign in with a domain account” they get an error (see screenshot).

Note that I’ve configured the service on both instances (they’re on different servers) to use the same AD user. The versions are different: prod uses 2020.1.16 while test uses 2021.2.7808 (latest).

Any idea how I can troubleshoot this?

Many thanks and regards,

Jim

Hi @dandraka,

Welcome to Octopus support. We are sorry you are having trouble with Active Directory.
We have a comprehensive guide on troubleshooting AD issues. It’s available here: Troubleshooting Active Directory integration - Octopus Deploy

Please take a look and see if you can resolve it with the steps in the documentation. If it is still not working after that, please let us know and we will try to reproduce the issue locally.

Thank you.
Sergei

Thanks @sergei.dubovsky. I’ll turn on logging, as the article suggests, and see what I can find. Is there any other article (I searched but couldn’t find one) that explains how to turn on logging to troubleshoot HTTP 5xx errors?

Many thanks and regards,
Jim

Hi @dandraka,

One more thing to check would be the Octopus Server log. If you have a connection to the Octopus server either via the UI or via RDP, please take a look at the server log to see if it contains anything relevant to the issue. It’s on the Configuration/Diagnostics page.

Thank you.
Sergei

Good afternoon @dandraka,

We have an update for you on this issue if you are still experiencing it.

We had another user with the same issue as yourself and were able to reproduce it. We have found this is a bug in older versions and also the latest version of Octopus and have created a GitHub issue for this.

Are you able to confirm this is the case for yourself by creating a new user in Active Directory and then signing into your Octopus Instance using the ‘Sign in with Domain’ button?

If it lets you sign in, are you then able to sign out and sign in using the form process (so typing in username and password)? It should allow you to sign in again. If you can, then sign out and use another account to verify the User Data JSON of the previous account (as shown in the GitHub Issue linked above).

If you notice the SAM Account value in the User Data JSON is just the username without the domain in it, then you have run into this bug, and there is a workaround to allow you to carry on with signing in via the domain button.

If you follow the GitHub issue you will be able to see when our engineers have applied the fix and which versions the fix is available in.

I hope this answers your question and allows you to progress with being able to sign in the way you prefer to.

If you need anything else in the meantime, please reach out!

Kind Regards,

Clare Martin
