diff --git a/apps/common/utils/crypto.py b/apps/common/utils/crypto.py
index 331f8b0bb..0c818ec5b 100644
--- a/apps/common/utils/crypto.py
+++ b/apps/common/utils/crypto.py
@@ -259,7 +259,7 @@ def decrypt_password(value):
     aes = get_aes_crypto(aes_key, 'ECB')
     try:
         password = aes.decrypt(password_cipher)
-    except UnicodeDecodeError as e:
+    except Exception as e:
         logging.error("Decrypt password error: {}, {}".format(password_cipher, e))
         return value
     return password
diff --git a/apps/orgs/models.py b/apps/orgs/models.py
index c4208d7d0..4bcb14e33 100644
--- a/apps/orgs/models.py
+++ b/apps/orgs/models.py
@@ -16,9 +16,14 @@ class OrgRoleMixin:
     def add_member(self, user, role=None):
         from rbac.builtin import BuiltinRole
         from .utils import tmp_to_org
-        role_id = BuiltinRole.org_user.id
+
         if role:
             role_id = role.id
+        elif user.is_service_account:
+            role_id = BuiltinRole.system_component.id
+        else:
+            role_id = BuiltinRole.org_user.id
+
         with tmp_to_org(self):
             defaults = {
                 'user': user, 'role_id': role_id,
diff --git a/apps/settings/serializers/auth/sso.py b/apps/settings/serializers/auth/sso.py
index c04f38920..113391b45 100644
--- a/apps/settings/serializers/auth/sso.py
+++ b/apps/settings/serializers/auth/sso.py
@@ -1,4 +1,3 @@
-
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers
 
@@ -14,5 +13,5 @@ class SSOSettingSerializer(serializers.Serializer):
     )
     AUTH_SSO_AUTHKEY_TTL = serializers.IntegerField(
         required=False, label=_('SSO auth key TTL'), help_text=_("Unit: second"),
-        min_value=1, max_value=60*30
+        min_value=60, max_value=60 * 30
     )