diff --git a/src/Server/ZB.MOM.WW.OtOpcUa.Security/Endpoints/AuthEndpoints.cs b/src/Server/ZB.MOM.WW.OtOpcUa.Security/Endpoints/AuthEndpoints.cs
index b5ff6f95..4b53b524 100644
--- a/src/Server/ZB.MOM.WW.OtOpcUa.Security/Endpoints/AuthEndpoints.cs
+++ b/src/Server/ZB.MOM.WW.OtOpcUa.Security/Endpoints/AuthEndpoints.cs
@@ -93,7 +93,7 @@ public static class AuthEndpoints
             var dbRows = await roleMappings.GetByGroupsAsync(result.Groups, ct);
             roles = RoleMapper.Merge(result.Roles, dbRows);
         }
-        catch (Exception ex)
+        catch (Exception ex) when (ex is not OperationCanceledException)
         {
             // A DB hiccup must never block sign-in — fall back to the appsettings baseline roles.
             http.RequestServices.GetService<ILoggerFactory>()?