Q&A

• 

  What open source and commercial packages are known to work with FusionAuth?
  open source commercial compatibility packages • • dan  

  5
  0
  Votes
  5
  Posts
  108
  Views

  H

  Directus Open-Source Headless CMS & API

  Directus is an open-source tool for managing content across all your omni-channel digital experiences. (Directus homepage : https://directus.io/ )

  FusionAuth Provider for OAuth 2.0 Client

  This package provides FusionAuth OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

  https://github.com/jerryhopper/directus-oauth2-fusionauth

• 

  SOLVED Why is FusionAuth so awesome?
  • robotdan  

  2
  1
  Votes
  2
  Posts
  42
  Views

  

  Because... reasons.

• 

  What level of performance can we expect with using FusionAuth as an IdP?
  faq from-slack performance • • dan  

  2
  0
  Votes
  2
  Posts
  35
  Views

  

  We have load tested our medium deployments to roughly 20 logins per second. It can vary quite a bit. We ship with PBKDF2 and a factor of 24,000. That configuration is the primary limiter to how many passwords we hash per second.

  Tune it up to bcrypt factor 14, and it may take 3-5 second per hash. You can also tune the factor down from the default scheme to increase logins per second - it is a trade-off between security and performance.

  And you can change these settings at the tenant or user levels: https://fusionauth.io/docs/v1/tech/apis/tenants
  https://fusionauth.io/docs/v1/tech/apis/users

• 

  Does a managed account on fusionauth.io support a custom domain?
  faq from-slack domains managed-account • • dan  

  2
  0
  Votes
  2
  Posts
  23
  Views

  

  It depends, if you’re on an Enterprise hosting plan we can configure a certificate with your domain. So if your app is running at acme.com - we can add a certificate so that you can create a DNS CNAME record to our service using login.acme.com (for example) .

  More on our plans here: https://fusionauth.io/pricing

• 

  Unable to create a registration using the .NET core client
  client-library user-api dotnet • • dan  

  4
  1
  Votes
  4
  Posts
  20
  Views

  

  @robotdan Ah, I missed that. I was looking at the response section, which had the registration. Thanks!

• 

  Can you run FusionAuth in kubernetes?
  faq kubernetes runtimes • • dan  

  2
  2
  Votes
  2
  Posts
  28
  Views

  

  FusionAuth installs nearly anywhere and on anything, including Docker. More on your installation options here: https://fusionauth.io/docs/v1/tech/installation-guide/

  At this time, the FusionAuth community supports Kubernetes. You can learn more here: https://github.com/FusionAuth/fusionauth-containers and get community supported, unofficial helm charts here: https://github.com/FusionAuth/charts

  If you're interested in commercial support for running FusionAuth in Kubernetes, please contact us to discuss: https://fusionauth.io/contact or vote on the issue: https://github.com/FusionAuth/fusionauth-issues/issues/607

• 

  Can I use hosted FusionAuth with a 'sensitive' google scope?
  faq oauth from-slack google • • dan  

  2
  1
  Votes
  2
  Posts
  7
  Views

  

  If you have purchased a high availability hosting plan we can configure additional URLs for you - such as login.example.com - and then FusionAuth would be in the same domain as your own application, and you'd be able to verify the domain.

• 

  Is there a way to customize the Two Factor Code message that comes when the twilio integration is enabled?
  faq configuration from-slack twilio sms • • dan  

  2
  0
  Votes
  2
  Posts
  3
  Views

  

  This is not currently available.

  The plan is to build out SMS templates that can localized and customized but no timelines have been determined.

• 

  Seeing userState of AuthenticatedNotRegistered
  faq oauth user from-slack • • dan  

  2
  0
  Votes
  2
  Posts
  10
  Views

  

  That message means the user is not registered for the application you’re logging into. If you create a registration for the user you’ll see Authenticated.

  More on this here: https://fusionauth.io/community/forum/topic/5/can-you-limit-a-user-s-login-authentication-access-to-applications-within-a-single-tenant/2

• 

  Cannot login with login API?
  • dan  

  2
  0
  Votes
  2
  Posts
  16
  Views

  

  If you are using the Login API (/api/login) - this does not create an SSO session.

  The FusionAuth Login pages do not currently use the access_token or refresh_token cookies for session management.

  If you want the SSO feature - you need to use the FusionAuth login pages. This is the strategy outlined in the 5 minute setup guide: https://fusionauth.io/docs/v1/tech/5-minute-setup-guide

  We do have a feature open to switch to token based SSO so that this use case would work: https://github.com/FusionAuth/fusionauth-issues/issues/358

• M

  What happens after asymmetric key expiration?
  • mgetka  

  7
  1
  Votes
  7
  Posts
  35
  Views

  

  Well, since we're talking about behavior based on a fix that isn't written yet, things are a bit theoretical.

  Here's one approach we'd consider. An expired key pair cannot be used to sign a JWT, so we would either have to generate a new key pair ahead of the expiration, or start failing login operations. The former is a better user experience, so a user will either have to regenerate the key, or we would do it based upon a configured policy.

  Also, wanted to be clear that we are aware of this limitation, which is why we set the default expiration period to 10 years (so we have a bit of time to solve this in the best way possible).

  Hope this helps. Let me know if you don't have the information you need.

• 

  How can I make sure FusionAuth is running when I start it via docker-compose?
  docker docker-compose troubleshooting • • dan  

  2
  0
  Votes
  2
  Posts
  11
  Views

  

  A good way to test the app is up and running is to run docker logs 27e4c9edd311 where 27e4c9edd311 is the docker container id, which is found by running docker ps|grep fusionauth.

  If you are using docker-compose, you can also run docker-compose logs -f fusionauth.

  Look in the logs for any errors. On successful startup, you'll see this message (with perhaps a different version message):

  --------------------------------------------------------------------------------------------------------- ------------------------------- Starting FusionAuth version [1.16.0-RC.1] ------------------------------- ---------------------------------------------------------------------------------------------------------
• 

  Is it possible to set up DB replication using MySQL for FusionAuth db?
  faq database mysql • • dan  

  2
  0
  Votes
  2
  Posts
  6
  Views

  

  As long as your meet our minimum database requirements in theory it should work. I do know that MySQL Group Replication is not supported.

• 

  Do you offer premium or enterprise support for self hosted instances?
  faq self hosted support • • dan  

  2
  0
  Votes
  2
  Posts
  8
  Views

  

  Yes. You can view our plans here: https://fusionauth.io/pricing

  Each plan has the same level of support whether you are hosting with FusionAuth or in your own cloud or data center.

• 

  Can we use all the features with the self hosted version?
  faq self hosted pricing features • • dan  

  2
  0
  Votes
  2
  Posts
  9
  Views

  

  You always get the same features whatever level you are at no matter where you host. That is to say, if you have a premium plan, you can host or we can, the features are the same. If you use the community edition, the features are the same no matter where you host.

  However, there are feature differences between the premium and community plans. More here: https://fusionauth.io/pricing

• 

  Does FusionAuth support high availability database configurations?
  faq database availability • • dan  

  2
  0
  Votes
  2
  Posts
  9
  Views

  

  Yes. We don't have any specific guidance around using MySQL and PostgreSQL in an high availability configuration. However, it should work. This document discusses the various possible architectures at a high level: https://fusionauth.io/docs/v1/tech/installation-guide/server-layout

  It is worth noting that MySQL group replication will not work. It requires a primary key on each table. We do not meet this requirement and have no plans to adjust the schema for this style of replication to work. Other types of replication that do not require a PK on every table should work.

  The particulars of DB clustering are outside of the scope of what we can assist with, however.

• 

  Why isn't FusionAuth open source?
  faq license open source • • dan  

  6
  0
  Votes
  6
  Posts
  42
  Views

  

  Hiya,

  I got an answer for you about sunset provisions.

  We have discussed source code escrow options with clients in the past. We can also offer a source code release clause (in the event FusionAuth goes out of business). However, these are only options if you are on an Enterprise plan with a custom contract.

  Hope that helps you make the right decision for your application(s).

• 

  Is there a way to have a user who logs out of an application go back to wherever they started from at login?
  faq login logout • • dan  

  2
  0
  Votes
  2
  Posts
  5
  Views

  

  You can use the post_logout_redirect_uri query parameter on the logout endpoint to configure where a user ends up after logout.

  More here: https://fusionauth.io/docs/v1/tech/oauth/endpoints

• 

  If we're hitting the .well-known endpoint, is there any way to select which tenant we're obtaining the manifest for?
  faq oauth tenant • • dan  

  2
  0
  Votes
  2
  Posts
  6
  Views

  

  Yes, you can provide the tenantId on the request as a parameter. More information here: https://fusionauth.io/docs/v1/tech/oauth/endpoints#openid-configuration

• 

  Is there an api to force a reindex of the users?
  user search reindex • • dan  

  2
  0
  Votes
  2
  Posts
  4
  Views

  

  No, but you can flush the index: https://fusionauth.io/docs/v1/tech/apis/users#flush-the-search-engine . From that doc:

  This will cause any cached data to be written to disk.