Adding Security Group Integration Slows Sign In to a Crawl

(Paul Miller) #1

Our developer team is setting up an Octopus deploy integrated with my AD - when they enable Security Group Integration the authentication slows to a crawl and they are asking me how we can improve this.

I’m just curious why the AD authentication is 5 second sign ins or less without security group integration and 60 seconds with it. Has anyone else ever experienced this or is there some known troubleshooting we can undertake for it?

(Shannon Lewis) #3

Hi Paul,

Thanks for getting in touch. Could I check which version of Octopus you are using, there have been some changes to authentication over time and knowing the right version will help narrow down exactly why login might be slow.

For example, versions prior to 3.17 used to always get the user’s groups from AD on login. As of that version they are only retrieved on login if the user is new to Octopus, there is a task that runs every hour in the background to update the groups for all known users so they don’t see any delays like you’re seeing on login.

The time taken to locate groups is a function of your AD complexity and/or DNS lookup times. The Microsoft API call we use will recurse through all groups across all domains that the user is in, to give us back a flat list of the complete list of groups. I mentioned DNS because sometimes the calls seem to take a long time to resolve the login server’s details.

5s seems like it might be slow too for the login itself, without the groups. This is only making a single API call to the login server to verify credentials, so again may be indicating some delay in resolving DNS.

I assume this is with forms authentication? Would you be able to try with integrated login (i.e. the Sign in with a domain account button) and see if you get the same delay there?

Regards
Shannon