We’re excited to announce the release of version 1.19 of FusionAuth, which shipped at the beginning of September. This version delivers new features and resolves issues for users running any older version.
Highlights
In addition to the usual bug fixes and user interface improvements, there are a few highlights we’d like to, well, highlight.
Revamped configuration options
Configuration options are now consistent no matter how you set them. Every option can be specified in one of three ways:
- environment variables
- Java system properties, set with the
-Dcommand line option when starting FusionAuth - a key value pair in the
fusionauth.propertiesfile
The list above is presented in precedence order. Environment variables trump system properties, which in turn override values in fusionauth.properties.
If you are running in Docker or Kubernetes, you’ll have configuration flexibility without mounting any volumes.
And if you are worried about your configuration breaking with these new settings, don’t. All previous configuration options are backwards compatible. We will, however, kindly remind you to update your configuration values or environment variables, because that’s how we roll. Learn more in the configuration reference docs.
Login page hinting
If you are using FusionAuth as an auth bottleneck, you may want to let users proceed directly to their third party identity provider, rather than have them see the FusionAuth login page initially. Doing so makes for a more pleasant user auth experience.
This is now an option using login page hinting. Configure it for certain domains or by passing request parameters and your users will proceed directly to their third party identity provider.
If you want to send a user directly to an IdP, append the idp_hint parameter. It might look like idp_hint=f318afe5-84d9-44ac-a32c-8a3d270e6d45 where the GUID is the identity provider id to which the browser should be redirected. If you’d rather have FusionAuth do the mapping, use the login_hint parameter, which looks like login_hint=example.com. If you have configured an identity provider to manage example.com, FusionAuth will forward to that identity provider’s page.
Import those refresh tokens
If you are migrating to FusionAuth, typically you are using the Import Users API, perhaps with a custom password encryptor. You usually want to minimize impact on your users due to migration of a production system.
With this release you can now import refresh tokens issued by a different user management system. FusionAuth will continue to honor those tokens. Rather than forcing a user to log in at migration, when clients present the old refresh token, new JWTs will be issued. Score one for smooth, transparent migrations.
Application email templates
If you are building out a private label application, having application specific email templates for common flows keeps you from unnecessarily creating tenants. With this release, you can configure the following templates on an application by application basis:
- Passwordless
- Email verification
- Setup password
- Change password
See the email templates documentation for more on configuring and customizing your templates.
Pin your session no longer
Previous to the 1.19 release, you needed to use sticky sessions (aka session pinning) for the FusionAuth administrative user interface and the FusionAuth login pages. Now, if you run more than one FusionAuth node fronted by a load balancer, you do not have to enable session pinning. The applications are now stateless.
Multi-tenant single-sign-on (SSO)
This was a limitation prior to this release due to the way we managed the HTTP session. Now FusionAuth can handle true multi-tenant SSO using the hosted login pages. Users can sign in to multiple applications in different tenants in the same browser.
In addition to these features, there were other bugs squashed and GitHub issues resolved as well. Please see the release notes for the full breakdown of the changes between 1.18 and 1.19.
If you’d like to upgrade your FusionAuth instance, see our upgrade guide. If you have a licensed plan with support, open a support request from your account dashboard and we’ll take care of you. Or, if you’d like to download and use FusionAuth, check out your options.
