Severity
No response
Version
Confirmed in 2025.4.10338
Latest Version
None
What happened?
Some errors may not get passed in the response when using HTTP.sys kernel mode auth.
Example:
When attempting to login to Octopus with the Sign in with a Domain SSO button, you may receive a 500 error. However, after enabling Octopus.Server.exe configure --webServer=Kestrel and leaving all other settings the same, the response will include an error, such as:
{
"ErrorMessage": "There was a problem with your request.",
"Errors": [
"Expiration cannot exceed maximum session duration"
],
"ParsedHelplinks": []
"Details": {}
}
Reproduction
- Setup an Octopus instance with AD using
--webServer=httpsys and NTLM
- Change the Maximum Session Duration to a small value such as 3600
- Attempt to log in via the Sign in with a Domain SSO button
- You should then get a 500 error instead of a 302 redirect
- Stop the Octopus Server and enable
--webServer=Kestrel
- Start the Octopus Server, attempt to log in via the Sign in with a Domain SSO button, then you should see the error message
Workaround
Temporarily enabling Kestrel may reveal additional errors that aren't revealed when using httpsys.
Severity
No response
Version
Confirmed in 2025.4.10338
Latest Version
None
What happened?
Some errors may not get passed in the response when using HTTP.sys kernel mode auth.
Example:
When attempting to login to Octopus with the Sign in with a Domain SSO button, you may receive a 500 error. However, after enabling
Octopus.Server.exe configure --webServer=Kestreland leaving all other settings the same, the response will include an error, such as:Reproduction
--webServer=httpsysand NTLM--webServer=KestrelWorkaround
Temporarily enabling Kestrel may reveal additional errors that aren't revealed when using
httpsys.