We have investigated this some more and it seems like there are a few things that we missed while migrating things over to .NET Core some time ago. As you have noticed, we have missed some properties such as the cookie domain among others in our AD extension.
We have also noticed that the extension hosts a separate endpoint, which means that some of the settings such as those from CORS aren’t automatically being applied here. Fixing the CORS issue will most likely require some more time to fix, however we think we do have a fix for the cookie domain not being set. We couldn’t fully test this as our domain setup wasn’t entirely playing nicely, so would really appreciate your help in verifying the fix by updating your version of the extension with a custom version and following these steps:
- Backup your Octopus
BuiltInExtensions folder, this should usually be located next to the server executable located at
C:\Program Files\Octopus Deploy\Octopus\BuiltInExtensions
- Stop the server and replace the
Octopus.Server.Extensibility.Authentication.DirectoryServices.dll with the version from the download linked above.
- Start the Octopus Server
Once you have updated the extension, could you please verify that you are able to login using integrated security and the cookie domain is set appropriately?
Looking forward to hearing back from you,