Hiya @harish_reddy ,

That's a cool idea. We don't have any plans to do so right now.

@ronn316 Awesome, glad you got it the way you want it and thanks for sharing the update with the community!

@ccurtis Are you able to create the Administrator account?

@netstack said in Setting fusionauth-app.http.cookie-same-site-policy to none in Version 1.4x:

https://github.com/FusionAuth/fusionauth-issues/issues/1414

It does look like the fusionauth-app.http.cookie-same-site-policy has been deprecated as of ver 1.37.0 and I do not know of another way to set it. As browsers are moving away from 3rd party cookies, I think this makes sense.

There are a few options.

the admin UI application is in the default tenant and can't be moved, so add all other users to a new tenant. This adds an additional layer of separation use the IP ACLs function if you are on the enterprise plan use a proxy and have the proxy filter out traffic that doesn't originate from the office network and is requesting anything with the FusionAuth admin UI client id (which is immutable)

@mike123 Can you please try with a capital "S" vs lowercase "s?"

php -S localhost:9012 -t public

@matth Hmmm. Well it should work. If it doesn't, that's a bug.

But in this case, we need to decide to change the linking strategy. If it set to email, this approach will generate new users, rather than linking social login.

Sure, that would be a problem. You'd need to store the GH login id and make sure the user associated it somehow. It's a thorny problem because at the end of the day, the user has decided not to make their email available.

I thought it could be possible because reconcile Lamba would receive a user access token as a parameter. At least such an idea appeared when I saw the lambda signature.

I don't see where the user access token is presented to the GH api. Maybe I'm missing something.

@alex-nebula99 This video might be helpful. You have to turn on webhooks in two places.

@gabriel-rod-cas-10 The way I read the migrate option is that, once migrated, future authentications will use FusionAuth and not the connector. The user will still be created in any case.

Depending on what you are trying to accomplish and why, there can be some other ways to work around. We do have APIs and other extensibility points that would allow you to delete a user and that sort of thing.

@daniel-b Can you please give us a little more information about your setup? I.E. The configuration, the version of FusionAuth you are using, the version of MySQL etc?

According to the docs FusionAuth supports MySQL 8.0 or newer. More specifically:

MariaDB and Percona may work, however these variants are not actively tested against by FusionAuth.

See MariaDB known issues on our GitHub issues.

@ronn316 Thank you so much for sharing with the community and I'm glad you got it working for you!

@ronn316 Awesome glad to see you got it working. I'm sure there is a way to use a dns name, but like I mentioned before, someone with a little more docker experience would have to help us out here. Thanks for working this through and sharing with the community.

@mark-robustelli Sorry for the late response, I just saw this. I'm using 1.48.1 and yes, FusionAuth is the IdP. Thanks for the quick response!

@ronn316 Awesome! Thanks for sharing.

@j-smutek

Hi, after a long bit of working on this issue.
I am quite certain that it is caused by setting a valid certificate in the configuration.
It happens when you configure it directly in the fusionauth.properties file ssl. Everything appears to work, then you find out you cannot create or edit tenants, and other areas do not work randomly. I would just get at no response in the browser and then this buffer overflow in your logs.. I struggled for quite some time with this. Just writing here so if someone else comes to this point.. Just stop and install a reverse proxy problem solved.

I also think honestly fusionauth's quick guide should include setup with caddy and/or nginx with ssl certs. Really I think it would be best to remove ssl setings and force users to setup a reverse proxy as it is simple to do. But I see that you maybe want flexibility here. I have done this now with Caddy and it works flawlessly.

Thanks again for a great product though and great community support.
Authfusion is by far the easiest alternative to Indentity Server for .net and probably the easiest auth server I found.

@theraloss said in Prevent sending "locale" query string to the redirect URL?:

locale=en_US

When you query the user, does anything show up in the preferred languages? Also, are you using the FusionAuth hosted login pages?

Have you used a network monitor to see if the the local is put into the query string by FusionAuth or the IdP?

It is possible to configure in this way.
You can customize the forgot password email template to display the generated changePasswordId rather than using it as part of the URL.

Two pages will need to be customized for the theme:

Forgot password sent - update this to forward the user to the “Change password form” page. One option to perform this redirect is to use a meta refresh tag Change password form - the default template uses a hidden element to submit the changePasswordId. You can use another form field that the user fills out to submit the code.

FusionAuth hosted pages will require the verification code and updated password to be submitted on the Change Password form page.
Please also note the potential security implications of shortening the verification code to 4 digits instead of the default 32 encoded bytes.