Thanks so much for writing this up @sswami !

Hi @alex,

Yes, you are correct -- there is not a configuration for setting the host within FusionAuth. There are workarounds, but it sounds like you were able to find the most optimal solution using cloud network configuration settings.

Thanks,
Josh

Hi @rvogelgsang,

Sorry to hear you are having trouble! If you had a bit more details that might be helpful.

For instance:

What environment you are running FusionAuth in and what client package you are using? Sounds like maybe our typescript client? Where are you setting the custom ID and what errors are you seeing? An example code snippet if possible Additional context about what you are trying to achieve in your code etc

If this is ultimately a bug, we can file a bug report as well. Thanks and let us know!

Thanks,
Josh

No, this is not currently possible. Here's an open issue, please upvote it if this is a crucial feature: https://github.com/FusionAuth/fusionauth-issues/issues/1082

One alternative to repeating content would be to use some kind of generation system outside of FusionAuth (freemarker, handlebars) to generate text files. Then you'd then upload as the email templates via the API.

Use docker?

This error is related to FusionAuth not being able to communicate to nodes over TLS in a multinode environment.

Two things you will want to check-

If you are using self-signed certs (TLS)

You will need to add any self-signed certificates to your Java Truststore.

If you are using a signed cert from a certificate authority

Make sure you have properly integrated that cert into your TLS

Lastly, If you are on a secure private backplane, you can simply communicate over non-TLS (HTTP).

Once FusionAuth can establish a connection, then the caching issues should remedy themselves. In a multi-node environment, the first node is kickstarted with its own cache and then attempts to inform all other nodes to refresh their cache. If this "master node" cannot communicate (in this case due to not have the right security cert), then you will see errors such as above.

Thanks,
Josh

Hiya,

We have 4 different options for that.

https://fusionauth.io/docs/v1/tech/guides/api-authorization/

Client credentials is the most straightforward, but requires a paid license. The other options are outlined in detail in that doc.

You can find our RPM and DEB packages on the direct downloads page: https://fusionauth.io/direct-download/

@naughtly-keller or @sander

Not sure if one of you were the creator of this?

https://next-auth.js.org/providers/fusionauth

or if not, at the very least I wanted to pass along the additional info that is now available 🙂

Thanks,
Josh

Can we do something like this through the UI interface too?

This is not currently possible. Creating the User, and creating a User Registration are two separate steps. As you correctly stated, when creating the user in the UI, there is no context yet for an application. For this reason, the user will receive the template configured at the tenant level.

Or is this only possible through the API?

Correct. You must use the Create "User + Registration" API to do this in one step to use the application template for setup password.

If I register a user with both applications (through the API) which email do they get?

When using the API to Create "User + Registration" you can only register for one application at a time. The email is only sent during the User Create step, so if you register for a second application, the user will already exist and thus will not receive a second email.

@rahimisajad

I can't think of any built-in ways to do this. I am curious if you could elaborate on how you built out OTP using the JWT API?

Also, can you elaborate a bit on this. Additional details might be helpful.

The solution I have in mind is to manage sessions myself, but I don't know if this is a safe way to go or not.

Thanks,
Josh

@egis

Yes, if you are using our hosted pages, they are themeable through the Freemarker templating language. See our documentation below:

https://fusionauth.io/docs/v1/tech/themes/

FusionAuth themes allow you to customize the OAuth2 / OpenID Connect login pages and other user workflows such as forgot password. In FusionAuth you may create one to many themes and assign a theme per tenant or application so that you can customize the user experience for different users.

Thanks,
Josh

@jsp

I am personally not aware of any repos that are community-driven proving this integration. However, from the AWS doc

HTTP 500: Internal server error Possible causes: You configured an AWS WAF web access control list (web ACL) and there was an error executing the web ACL rules. The load balancer is unable to communicate with the IdP token endpoint or the IdP user info endpoint. Verify that the security groups for your load balancer and the network ACLs for your VPC allow outbound access to these endpoints. Verify that your VPC has internet access. If you have an internal-facing load balancer, use a NAT gateway to enable internet access.

In referencing above:

Have you confirmed that your WAF has the correct entries? For the second part, have you verified that you have access to the token, and userinfo endpoint from AWS to Fusionauth?

/oauth2/idpresponse?code=[xxx]&locale=en_US&state=[xxx]&userState=Authenticated.

The "Authenticated" part of your return URL is encouraging.

You can also view all FusionAuth logs (you may have already) here:
https://fusionauth.io/docs/v1/tech/troubleshooting/#logs
for additional clues.

Thanks,
Josh

@kunal

Can you provide a copy of the error that you are receiving?

If you could also provide any other implementation details that would also be helpful in diagnosing. Such as what URL you are attempting to access?

Also, when you say normal authentication flows can you provide a bit more detail? One of the wonderful things about FusionAuth is that it can handle a wide variety of Auth scenarios and setups. Getting more details on your particular implementation would be helpful.

Thanks,
Josh

@elliotdickison

Have you had a chance to review our documentation on setting up themes and localization here?

https://fusionauth.io/docs/v1/tech/themes/localization/

Thanks,
Josh

To follow on to what Joshua said, it might be helpful to review some of the troubleshooting docs: https://fusionauth.io/docs/v1/tech/troubleshooting/ and see if they help.

@amar-sibia

We have a general guide that covers migration. This might not solve your immediate problem, but could also offer you some insights as well on a broader scale.

https://fusionauth.io/docs/v1/tech/guides/migration/#:~:text=Migrate when a user authenticates,user's system of record changes.

Connectors come to mind for this use case, but I am not 100 percent certain they fit your use case.
https://fusionauth.io/docs/v1/tech/connectors/

Or possibly using the user API to ingest from your SAML provider beforehand but setting up dummy passwords (seems less secure, however 🙂 ).
https://fusionauth.io/docs/v1/tech/apis/users/

Let me consider this further and I will post back any thoughts.

Thanks,
Josh

You could look at the password last update timestamp (passwordLastUpdateInstant) which is an attribute on the user.

See if there's been any change since the initial email send (or since the issue). If there had been no change, you should be able to resend the email.

Sure, you can migrate the database. I'd make sure that the versions of FusionAuth are the same.

Here's another similar topic: https://fusionauth.io/community/forum/topic/1091/migrating-users-from-one-server-to-another-how-to-do-it