When a domain user is logged in into the domain and I use “sign in with your Microsoft Windows Domain Account” option, I can login to Octoups. But the situation is, though all user credentials will be maintained in the AD, they may not be necessarily logging in into the domain. Given that case, we would like to use form based authentication against AD (with Octopus sign in form).
When I provide my domain credentials in any of the formats e.g. email@example.com OR domain\user, i get an error indicating "Value cannot be null. Parameter name: Instance.
We also tried setting AllowFormsAuthenticationForDomainUsers to true, but does not work.
My current OctopusDeploy server is standard installation and does not have IIS on that machine
What is that we are missing?
Attached the screenshot of the error
Additional info from the logs
ERROR Unhandled error on request: http://localhost/api/users/login by : Value cannot be null.
Parameter name: instance
System.ArgumentNullException: Value cannot be null.
Parameter name: instance
at System.ComponentModel.DataAnnotations.ValidationContext…ctor(Object instance, IServiceProvider serviceProvider, IDictionary
2 items) at Nancy.Validation.DataAnnotations.DataAnnotationsValidatorAdapter.<Validate>d__4.MoveNext() at System.Collections.Generic.List1.InsertRange(Int32 index, IEnumerable
1 collection) at Nancy.Validation.DataAnnotations.PropertyValidator.Validate(Object instance, NancyContext context) at Nancy.Validation.DataAnnotations.DataAnnotationsValidator.Validate(Object instance, NancyContext context) at Octopus.Server.Web.Infrastructure.Api.Responder1.BindAndValidateTModel in Y:\work\refs\heads\master\source\Octopus.Server\Web\Infrastructure\Api\Responder.cs:line 83
at Octopus.Server.Web.Api.Actions.UserLoginAction.Execute() in Y:\work\refs\heads\master\source\Octopus.Server\Web\Api\Actions\UserLoginAction.cs:line 31
1.Respond(TDescriptor options, NancyContext context) in Y:\work\refs\heads\master\source\Octopus.Server\Web\Infrastructure\Api\Responder.cs:line 162 at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2) at CallSite.Target(Closure , CallSite , Object , Object , NancyContext ) at Octopus.Server.Web.Api.OctopusRestApiModule.<>c__DisplayClass0_0.<.ctor>b__0(Object o) in Y:\work\refs\heads\master\source\Octopus.Server\Web\Api\OctopusRestApiModule.cs:line 46 at CallSite.Target(Closure , CallSite , Func2 , Object )
at Nancy.Routing.Route.<>c__DisplayClass4.b__3(Object parameters, CancellationToken context)
Thanks for the question. It sounds like you have AD configured correctly but something is stopping login data from being sent to the Octopus Server or the login cookie is not being set.
When you attempt to login you should get an OctopusIdentificationToken cookie. Can you check if you are getting that cookie? If so, can you send the content of that cookie?
Ok, I did couple of more things
I changed the webAuthenticationMode to Domain by executing following script
Octopus.Server.exe service --start
Octopus.server.exe configure --webAuthenticationMode=Domain
Octopus.Server.exe service --stop
Despite of this, things did not work, then I was trying to figure out where the Portal directory of Octoups, but looks like there is no Portal directory any longer in Octopus. I figured out there is Octopus.config in your octopus program files directory (Drive:>Program Files\Octopus Deploy\Octopus) and there is a setting that i changed to Domain
With this change and restarting the service again, I am able to login by entering my AD credentials in the sign in form.
BUT, interestingly - I need to attempt sign in for 2-3 times before i can get into Octopus. For first couple of times, I still get the error mentioned in my original post. This issue off-course would not be appreciated by client and I am still looking for a solution.
Hi Shane Gill,
You were right, In IE 11 -> in the first 2 attempts of sign-in, this cookie is blank. But with Firefox, it works without any issue. Do you know if this is a known issue with IE 11?
Glad to hear you have it (mostly) working.
Someone else had a similar issue in IE and they fixed it by disabling the Bing toolbar. It may be an IE plugin that is interfering with the cookie.
Now it works in IE also but it was not the bing toolbar but bing search provider - which was enabled. When i disable it - now it works without any problem
But can you confirm if the solution i had applied is the way to fix this? the command to change the configuration from command prompt did not result in changing the authenticationmode in octopus.config file. And if the setting is left as UsernamePassword, then it does not work. Only when I manually changed this to Domain, its all working fine.
Is this a known issue and is this how you can fix this?
The commands you issued should have changed the authentication mode. I see you have them listed --start --configure --stop, which is backwards, it should be: --stop --configure --start. The command should be working, if not I will investigate further.
The command just changes the setting in the configuration file, so by editing the configuration file you did what the command does.
sorry that was a typo but i actually executed the commands in that order. It did not work that way for me… Nevertheless, Now its working. Thanks for your help on this.