@dalamenona This error is coming from Prometheus right? Is there a way to get it to tell you which metric is being reported? If not, could you set up a network monitor and capture the traffic that is being sent to narrow down the metric being sent by FusionAuth that is causing the problem? Maybe then we can look into why FusionAuth is sending the conflicting data.
Group Details
Private
FAQ Posters
Users who have rights to post in the FAQ category.
Member List
-
RE: Prometheus is dropping samples with duplicate timestampsposted in General Discussion
-
RE: Use Microsoft Graph API with FusionAuth entra loginposted in Q&A
@oliver-muthusami Have you looked at what Entra ID returns in the reconcile lambda?
-
RE: Interpreting FusionAuth's Prometheus metricsposted in General Discussion
@dalamenona I see your point about the Database_primary_pool_MaxConnections being set to 20 on the value for usage being reported above that. Browsing around the web, I came across something that said Database_primary_pool_Usage is over the lifetime of the application, but can't seem to find the source now. You also make a valid point about around the other data defenitions. It may make sense to do a deeper dive into HikariCP sources in general. There may be some answers there.
Anyone here familiar with these numbers?
It may also make sense for you to open an issue with FusionAuth as it is not clear to me if these numbers are coming from FusionAuth or HikariCP.
-
RE: Interpreting FusionAuth's Prometheus metricsposted in General Discussion
@fabio-venturi I am not familiar with Prometheus, but I asked the AI on the FusionAuth site and it came back with.
Database_primary_pool_Usageis a Prometheus metric exposed by FusionAuth which reports how much of the primary database connection pool is currently in use. It lets you see whether your HikariCP pool is close to exhaustion and is useful for capacity and health monitoring. [Monitor Prometheus]In the Prometheus UI you can graph it by entering
Database_primary_pool_Usagein the expression box and executing the query. [Monitor Prometheus]It said it based the answer on the page you found, but I don't know enough to say for certain. Does this make sense to you?
-
RE: fusion auth not changing the value of cookies named with account.at, account.rt after logoutposted in Q&A
@marcel-beutner If you have found a bug, you may want to report it using the FusionAuth Issues.
-
RE: Unable to sort by fullName when formatted as "lastName, firstName"posted in Q&A
I just did a search on 1.61.0 in the Admin UI and my results were sortable by the name. Can you give us the exact query you used to use the search API and the search you used in the search bar? I am curious to see if that returns something different.
-
RE: How can I configure session timeout on the admin panel?posted in Q&A
@rachel-flatt There are a couple of settings you can take a look at. If you go to Applications -> FusionAuth and look at the OAuth tab, you should see the Session timeout. Is this what you are looking for? The other is the Applications -> FusionAuth -> Edit -> JWT -> Refresh Token Settings -> Refresh Token duration. This is set to 60 minutes, for a 3600 second duration.
I found this post that may help as well.
-
RE: Claims to check when using google as an idp for google workspaceposted in Q&A
You should start by checking the relevant google documentation.
As of writing, this is what their doc says:
Using the email, email_verified and hd fields, you can determine if Google hosts and is authoritative for an email address. In the cases where Google is authoritative, the user is known to be the legitimate account owner, and you may skip password or other challenge methods.
Cases where Google is authoritative:
email has a @gmail.com suffix, this is a Gmail account. email_verified is true and hd is set, this is a Google Workspace account.Users may register for Google Accounts without using Gmail or Google Workspace. When email does not contain a @gmail.com suffix and hd is absent, Google is not authoritative and password or other challenge methods are recommended to verify the user. email_verified can also be true as Google initially verified the user when the Google account was created, however ownership of the third party email account may have since changed.
So in this case, you want to check that
hdis set as well as thatemail_verifiedis true.With FusionAuth, you can check this using a reconcile lambda and looking at the
id_token: -
Claims to check when using google as an idp for google workspaceposted in Q&A
What claims should I check when using google as an identity provider when I'm interested in making sure it is a google workspace account?
-
Docs MCP serverposted in Release
We have a docs MCP server.
This lets your MCP compatible IDE or client ask questions of all the FusionAuth docs, YouTube videos, Terraform provider, OpenAPI spec and more.
More details: https://fusionauth.io/docs/get-started/download-and-install/development/docs-mcp-server