diff --git a/webapi/src/main/scala/org/knora/webapi/slice/security/Authenticator.scala b/webapi/src/main/scala/org/knora/webapi/slice/security/Authenticator.scala
index aaf58b1b21..f27e51b0de 100644
--- a/webapi/src/main/scala/org/knora/webapi/slice/security/Authenticator.scala
+++ b/webapi/src/main/scala/org/knora/webapi/slice/security/Authenticator.scala
@@ -226,13 +226,13 @@ final case class AuthenticatorLive(
   } yield user
 
   private def getUserByIri(iri: UserIri): IO[AuthenticatorError, User] =
-    userService.findUserByIri(iri).some.orElseFail(UserNotFound).tap(ensureActiveUser).logError
+    userService.findUserByIri(iri).orDie.someOrFail(UserNotFound).tap(ensureActiveUser)
 
   private def getUserByEmail(email: Email): IO[AuthenticatorError, User] =
-    userService.findUserByEmail(email).some.orElseFail(UserNotFound).tap(ensureActiveUser)
+    userService.findUserByEmail(email).orDie.someOrFail(UserNotFound).tap(ensureActiveUser)
 
   private def getUserByUsername(username: Username): IO[AuthenticatorError, User] =
-    userService.findUserByUsername(username).some.orElseFail(UserNotFound).tap(ensureActiveUser)
+    userService.findUserByUsername(username).orDie.someOrFail(UserNotFound).tap(ensureActiveUser)
 
   private def ensureActiveUser(user: User): IO[AuthenticatorError, Unit] = for {
     _ <- ZIO.fail(UserNotActive).when(!user.isActive)
diff --git a/webapi/src/main/scala/org/knora/webapi/slice/security/api/AuthenticationEndpointsV2Handler.scala b/webapi/src/main/scala/org/knora/webapi/slice/security/api/AuthenticationEndpointsV2Handler.scala
index 1021754231..bcd26e8941 100644
--- a/webapi/src/main/scala/org/knora/webapi/slice/security/api/AuthenticationEndpointsV2Handler.scala
+++ b/webapi/src/main/scala/org/knora/webapi/slice/security/api/AuthenticationEndpointsV2Handler.scala
@@ -10,6 +10,7 @@ import zio.ZLayer
 
 import java.time.Instant
 
+import dsp.errors.AuthenticationException
 import dsp.errors.BadCredentialsException
 import org.knora.webapi.config.AppConfig
 import org.knora.webapi.slice.admin.domain.model.Username
@@ -51,6 +52,8 @@ case class AuthenticationEndpointsV2Handler(
         }).mapBoth(
           _ => BadCredentialsException(BAD_CRED_NOT_VALID),
           (_, token) => setCookieAndResponse(token),
+        ).catchAllDefect(e =>
+          ZIO.fail(AuthenticationException("An internal error happened during authentication", Some(e))),
         )
       },
     )