Octopus Sign out keeps Spinning and giving error

(Vinod Deo) #1

Hi Team we are using Latest version of Octopus Octopus 3.16.7

In any new Octopus server, it doesn’t redirect back to the Sign in screen. It just stays there. The same is tried in Incognito mode to avoid any cookies impact. Behavior is same. After a while, it prompts with “Unable to establish connection to the Octopus deploy server"

SingOutOctopus_Error SingOutOctopus

We observed that the issue is fixed when the Cookie Security’s “Tamper Proof Mode:” was set to “None”. in WAF but as per standard practice this should be always " Signed"

Appreciated for any help from Octopus Team

(Robert) #3

Hi Vinod,

Having a read through this issue and the one logged via support email, I so far am not sure this is a problem with the code in Octopus. As noted in the CSRF documentation, we send down two cookies on login, one which is HTTP only and transported via the browser (which contains the auth token) and one which is available to the client and is sent up in a header to validate that the request was initiated from a process that performed the appropriate auth checks.
On Logout we clear both of these cookies and it should redirect back to the sign in page.

Since all our cookies are already encrypted, is there a reason that you need to add additional signing to them through Barracuda? I am not very familiar with this software but it appears to be modifying something in an unexpected way. I would be interested to take a look at any fiddler logs etc to see what its doing to the cookies.

Lets continue this discussion in the open support thread.
Cheers,
Rob

(Vinod Deo) #4

here is the fiddler loNon-Working Fiddler Log.saz (88.5 KB)
Working Fidder Log.saz (110.2 KB)
gs for Working Instance and Instance which is having issue.

(Robert) #5

Thanks for sending these logs through but i cant really follow where the login and logout api calls are being made. Could you send something through that show the authentication and logout request and responses from Octopus. I cannot see any reference to Octopus in these logs.

(Vinod Deo) #6

Here are the updated logs Developer Logs.zip (231.9KB)

Let me know incase need any further inputs from me