Hi Dan,
Thanks - I've created a ticket here:
https://github.com/FusionAuth/fusionauth-issues/issues/822
Regards
Brad.
B
bradley.kite
@bradley.kite
5
Reputation
16
Posts
3
Profile views
0
Followers
1
Following
Best posts made by bradley.kite
-
RE: LDAP LAMBDAposted in General Discussion
-
RE: LDAP LAMBDAposted in General Discussion
In case anyone else would like to do the same, I have found a solution which I have detailed here:
https://github.com/FusionAuth/fusionauth-issues/issues/822#issuecomment-680172776
Latest posts made by bradley.kite
-
RE: Group Based App Registrations?posted in General Discussion
Would it be possible (eg, with some kind of LAMBDA) so that when a user logs in, the LAMBDA can check what groups the user is a member of, and automatically create the app registrations for the app they are trying to access?
The LAMBDA can then create any app-specific usernames, if required. But I'm not sure if the LAMBDA has access to group membership info?
-
Group Based App Registrations?posted in General Discussion
Hi,
I'm not 100% sure how groups are meant to be used in FusionAuth.
I've created a group, assigned it application roles, and put users in the group, but the user still needs to register for the application - is it not possible for app registrations to be inferred from the groups app roles?
I suspect its more a case of me not understanding something.
Thanks for any help offered.
Regards
Brad.
-
RE: MFA / 2FA Force Enrollmentposted in General Discussion
Hi Dan,
Is there a formal / supported way for us to write our own pages & logic and integrate it within the same FusionAuth installation?
For example, is there a directory we can place additional WAR files in? Or Java API's that we can use to create our own plugins?
Regards
Brad.
-
MFA / 2FA Force Enrollmentposted in General Discussion
Hi all,
We have a requirement where a specific application has additional security requirements - specifically that MFA MUST be used before a user can access it.
Is it possible that the first time a user tries to log in, that they are automatically taken to the page were they need to enrol / configure the Google (or other time-based) MFA app?
Example:
User logs in, is redirected to the QR code page where they need to configure Google Authenticator (or another app), then they are allowed access to the SAML application.
Thanks in advance
-
RE: SAML v2 POST methodposted in General Discussion
Hi,
Is the code for io.fusionauth.app.action.samlv2.LoginAction available as open source? I'd like to implement the missing POST method - it appears that the GET method is implemented, but not POST.
I've found some SAML-related bits on github (https://github.com/FusionAuth/fusionauth-samlv2) but not this class.
-
RE: SAML v2 POST methodposted in General Discussion
Hi Dan,
We are using FusionAuth as the IDP. Its already acting as an IDP for another application, but this app is not playing ball.
I'm afraid I'm not able to name the application, but its a web-based cyber security app that has documented support for Okta, Google and ADFS as the IDP, but we are trying to get it to work with FusionAuth. I'm sure it will be possible, but we need to understand what the above error means.
I've checked the CORS settings and they are fine - we've wild-card allowed CORS requests just as a test, and included POST (among others) as allowed requests.
Regards
Brad.
-
RE: LDAP LAMBDAposted in General Discussion
In case anyone else would like to do the same, I have found a solution which I have detailed here:
https://github.com/FusionAuth/fusionauth-issues/issues/822#issuecomment-680172776
-
SAML v2 POST methodposted in General Discussion
Hi there,
I have an application that only supports SAML POST bindings, and I"m trying to integrate it with FusionAuth.
I'm getting the following error when I try to log in to my app. The app sends the POST request to FusionAuth, but all I get back is
HTTP ERROR 405
HTTP/1.1 405 Date: Wed, 26 Aug 2020 09:46:08 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips Access-Control-Allow-Origin: https://XXXXXX Vary: Origin Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-AliveIn the server logs (fusionauth-app.log) I get a single line:
Aug 26, 2020 10:41:30.865 am WARN org.primeframework.mvc.action.DefaultActionMappingWorkflow - The action class [io.fusionauth.app.action.samlv2.LoginAction] does not have a valid execute method for the HTTP method [POST]The SAML request that gets sent in the POST request is:
<?xml version="1.0" encoding="UTF-8"?> <saml2p:AuthnRequest AssertionConsumerServiceURL="https://XXXXXX/api/auth/saml2/handle-assertion" Destination="https://XXXX.cybanetix.com/samlv2/login/863a8e18-7ae4-8ad7-4fa0-3e9e02a36525" ForceAuthn="false" ID="a58686e0-6743-4a74-9af1-d3d5a21a6b75" IsPassive="false" IssueInstant="2020-08-26T08:31:36.303Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://XXXX/api/auth/saml2/login</saml2:Issuer> <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" /> <saml2p:RequestedAuthnContext Comparison="exact"> <saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef> </saml2p:RequestedAuthnContext> </saml2p:AuthnRequest>This looks well-formed to me, the ACS looks good and matches the config in the application, as does the Login URL etc.
Any help will be greatly appreciated.
--
Brad. -
RE: LDAP LAMBDAposted in General Discussion
Hi Dan,
Thanks - I've created a ticket here:
https://github.com/FusionAuth/fusionauth-issues/issues/822
Regards
Brad.