@dan Also, depending on the workflow, if a user does NOT federate but does NOT check "trust this computer" they will NOT establish "MFA trust". Without trust, a user will be prompted to MFA again. Of couruse, With "MFA trust", they will not be prompted. This answer is implicit to this conversation, but MFA policies and FusionAuth center around this check box and trust (with the current edge case of Federation noted).
administrators
-
RE: Friction-free multi application SSO with MFA enabled
-
RE: Friction-free multi application SSO with MFA enabled
For future readers, here are two relevant GitHub issues on this topic.
Please feel free to upvote those issues and/or add comments about your use case. GitHub issue upvotes and comments are the main way for community members to provide roadmap feedback to the FusionAuth team.
-
RE: I want to load users from an LDIF file
FusionAuth has a bunch of import scripts, but one that you are probably most interested in is the CSV importer, which takes a CSV file and then calls the user import API.
Here's the link: https://github.com/FusionAuth/fusionauth-import-scripts/tree/main/csv
Of course, LDIF is not CSV.
Instead of using a CSV gem to get the list of users and their attributes, use a gem that can read LDIF. Here's a candidate. https://www.rubydoc.info/gems/ruby-ldap/0.9.19/LDAP%2FLDIF.parse_file but I'm not sure what the state of the art for ruby LDIF parsing is nowadays.
If you pursue this, please submit a PR to that repo because there may be other folks who want to import users from LDIF
An alternative would be to have them manipulate the LDIF file into CSV and import that using the csv importer. See https://www.google.com/search?client=firefox-b-1-d&q=ldif+to+csv for some examples on how to do the LDIF->CSV transformation.
-
I want to load users from an LDIF file
I have an LDAP server and can export out users to an LDIF file. I want to import these users into FusionAuth. What are my options?
-
RE: I am having issues upgrading my containerized version of FusionAuth
Ensure that the source machine that is building your image is the correct architecture type.
For instance, if you are building a K8's cluster running linux (x86) but have built the image locally on a Apple M2 Mac (ARM based), then you will need to instruct docker to use the
build x
command to build a multi-platform build or change the source build machine. -
RE: Seeing " OAuth return is missing a valid CSRF token" message
If this is isolated to one user it's happening to that's usually because the user is trying the flow across browsers or devices instead of completing the whole flow inside 1 browser.
For example, they might be requesting the Change Password on their phone but then open up their email on a desktop and click the link. Thus the desktop browser would be missing the CSRF token from the beginning of the flow.
This can also happen if they request it on Chrome, but click the link in the email in Firefox (or even Incognito/Private browser vs normal).
If it is more widespread (across many users) then it is probably something else, like a theme issue.
-
Seeing " OAuth return is missing a valid CSRF token" message
I have an issue. When someone resets their password, they get a link in their email. Then when they click it, they get an error message:
OAuth return is missing a valid CSRF token
and see a FusionAuth error screen.How can I solve that?
-
I am having issues upgrading my containerized version of FusionAuth
I'm seeing this message:
exec /usr/local/fusionauth/fusionauth-app/bin/start.sh: exec format error
when I try to upgrade FusionAuth. I'm running containers.
-
RE: Error in startup after upgrading to 1.51.2
@ronn316 I believe there was an database change that was required in 1.50 https://fusionauth.io/docs/release-notes/#version-1-50-0
You will need to check the upgrade info
https://fusionauth.io/docs/operate/deploy/upgradespecifically the database migration in silent mode
https://fusionauth.io/docs/operate/deploy/upgrade#downtime-and-database-migrations -
RE: How do I call a Google API or retrieve the Google credentials?
I do this all the time and keep meaning to create a post on codingcat.dev for it instead of hitting Jeff's site for it all the time. In the meantime I would suggest checking this out it always works for me