    FusionAuth
    • V

      UNSOLVED FusionAuth as SAML relying party and custom login pages
      Q&A • varunghaswala

      Votes: 1 • Posts: 4 • Views: 19

      dan

      @varunghaswala said in FusionAuth as SAML relying party and custom login pages:

      <ns3:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:ns4="http://www.w3.org/2001/04/xmlenc#" Version="2.0" ProviderName="${idpName}" ID="${CODE_FROM_FUSIONAUTH}" IssueInstant="${issueInstant}"
      Destination="${idpEndpoint}" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="${acsUrl}">
        <Issuer>${issuer}</Issuer>
        <ns3:NameIDPolicy Format="${nameIdFormat}" AllowCreate="false" />
      </ns3:AuthnRequest>

      Ah, great, so it is the ID which needs to be used as the code. I will update the documentation. Thanks so much for confirming.

    • U

      UNSOLVED Get password on password change or password forgot
      Q&A • ursache.rarress

      Votes: 0 • Posts: 2 • Views: 1

      dan

      @ursache-rarress

      Thanks for using FusionAuth!

      Getting the password via API is not possible.

      If you want to migrate away from FusionAuth and need the password hash for that purpose, you can use a database export.

      In general, if you are using FusionAuth as your auth server, passwords should remain within FusionAuth and nowhere else.

    • B

      SAML response does not contain role
      General Discussion • bvb1992bvb

      Votes: 0 • Posts: 1 • Views: 2

      No one has replied

    • Z

      UNSOLVED Login with facebook does not set user's name and picture
      Q&A • zidstol.komp

      Votes: 0 • Posts: 1 • Views: 6

      No one has replied

    • S

      UNSOLVED jwt expiration time
      Q&A • sandiprghane

      Votes: 0 • Posts: 1 • Views: 10

      No one has replied

    • F

      UNSOLVED Wrong logout URL being returned ?
      Q&A • francis.ducharme

      Votes: 0 • Posts: 3 • Views: 412

      dan

      @francis-ducharme Hi Francis,

      Is this still an issue? I'd review your application configuration (in the 'Applications' tab) to double check that the logout URL is correct there.

      Also, it'd be helpful to know the version of FusionAuth you are running.

    • B

      Base32 encoded secret is null
      General Discussion • bvb1992bvb

      Votes: 0 • Posts: 2 • Views: 12

      dan

      @bvb1992bvb The community edition supports TOTP for MFA, but you have to build your own 'auth setup' page using the APIs and QR code generation libraries.

      The account self service pages are part of the paid edition feature set. Those appear to be what you are viewing, but if that's not the case, please let us know.

      You can get a free trial of the starter plan for a month from the pricing page: https://fusionauth.io/pricing if that is of interest.

    • S

      UNSOLVED Get list of enabled MFA methods, with methodId
      Q&A • stephen.saucier 0

      Votes: 0 • Posts: 9 • Views: 90

      dan

      @stephen-saucier-0, This was resolved in 1.36.

      https://github.com/FusionAuth/fusionauth-issues/issues/1585

    • dan

      UNSOLVED question about retrieving logs
      Q&A • dan

      Votes: 0 • Posts: 2 • Views: 13

      dan

      In general, you'll use the JSON defined in the API documentation to build the request. Unfortunately, the Search Event Logs API doc doesn't have sample JSON (I filed an issue) but it does have the fields: https://fusionauth.io/docs/v1/tech/apis/event-logs#search-event-logs

      You can also find the EventLogSearchRequest in the client code:

      https://github.com/FusionAuth/go-client/blob/master/pkg/fusionauth/Domain.go#L1545

      This points at https://github.com/FusionAuth/go-client/blob/master/pkg/fusionauth/Domain.go#L1534

      However, I'm not sure searching event logs gets you what you are trying to accomplish:

      My goal is to grab all the last events, login..., from a specific user based on his email by example.

      You probably want to search login records: https://fusionauth.io/docs/v1/tech/apis/login#search-login-records

      https://github.com/FusionAuth/go-client/blob/master/pkg/fusionauth/Domain.go#L3145

      https://github.com/FusionAuth/go-client/blob/master/pkg/fusionauth/Domain.go#L3134

    • D

      UNSOLVED About azure AD v2 vs v1 and FusionAuth
      Q&A • devops 0

      Votes: 1 • Posts: 5 • Views: 36

      D

      Now using v2 endpoints (passing the code_challenge and the code_challenge_method to retrieve the authorization token https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow). FusionAuth Microsoft OpenIDConnect provider returns the next error:

      Request to the [https://login.microsoftonline.com/<tenant-id>/oauth2/token] endpoint failed. Status code [400]. Error response is { "error" : "invalid_grant", "error_description" : "AADSTS50148: The code_verifier does not match the code_challenge supplied in the authorization request for PKCE.\r\nTrace ID: c0836075-1551-45ad-9fce-9b7a7716d201\r\nCorrelation ID: 16f33aed-50eb-461a-9740-66299e56fe58\r\nTimestamp: 2022-05-12 15:57:26Z", "error_codes" : [ 50148 ], "timestamp" : "2022-05-12 15:57:26Z", "trace_id" : "c0836075-1551-45ad-9fce-9b7a7716d201", "correlation_id" : "16f33aed-50eb-461a-9740-66299e56fe58", "error_uri" : "https://login.microsoftonline.com/error?code=50148" }

      I assume that this is because there is no way to pass this challenge code. Also, I notice that the URL used by FusionAuth to get the token is a v1 endpoint https://login.microsoftonline.com/<tenant-id>/oauth2/token. So I ask again, is there a way to use v2 endpoints and code_challenge to complete the login flow for Microsoft OpenIdConnect providers?

    • V

      UNSOLVED Using custom login page while implementing SSO
      Q&A • vindhyahegde2114

      Votes: 0 • Posts: 2 • Views: 13

      dan

      @vindhyahegde2114

      At this time, SSO is only supported if you use the hosted login pages:

      Additionally, when you use the hosted login pages, FusionAuth provides transparent single sign on (SSO) between applications as well as support for localization of the user interface.

      https://fusionauth.io/docs/v1/tech/core-concepts/integration-points#hosted-login-pages

      There's an open issue to expose SSO management via an API: https://github.com/FusionAuth/fusionauth-issues/issues/1515

      Please vote it up and/or add a comment about your use case if you'd like.

      As a reminder, here's our roadmap guidance: https://fusionauth.io/docs/v1/tech/core-concepts/roadmap

    • R

      Disable email verification on user signup (via create user and registration combined API)
      General Discussion • raomuneeb.khalil

      Votes: 0 • Posts: 3 • Views: 111

      R

      @dan Thanks for your reply. I have tested the case after disabling the Allow implicit verification option along with setting the skipVerification field to true, but FusionAuth is still marking the email as verified.

      BTW, I did not receive the email of your reply as there is a typo in the name you mentioned (should be . in place of -). 🙂

    • M

      UNSOLVED Fail to create admin account
      Q&A • marengoapp

      Votes: 0 • Posts: 1 • Views: 10

      No one has replied

    • Q

      SOLVED JWT claims and Identity Provider
      Q&A • quent

      Votes: 0 • Posts: 3 • Views: 23

      Q

      @dan Thank you, yes I can use lambda, I did give it a try and it works fine 🙂
      The authentication type does work too, but maybe more in a "workaround way".

      Thanks

    • A

      fusionauth websockets?
      General Discussion • audrew31

      Votes: 1 • Posts: 5 • Views: 28

      A

      @dan Sorry, so the FusionAuth interface doesn't provide the user's online status info when a JWT is provided?

    • N

      reset fusionauth using the cli
      Comments & Feedback • nicholas.tsaoucis

      Votes: 0 • Posts: 2 • Views: 10

      dan

      @nicholas-tsaoucis

      Sorry to hear that!

      You should be able to use the API key from the kickstart file to reset the password of a user. The easiest way is probably to use the Update User API: https://fusionauth.io/docs/v1/tech/apis/users#update-a-user

    • S

      SDK/Client library for Rust?
      General Discussion • soloblacksoul

      Votes: 1 • Posts: 2 • Views: 18

      dan

      @soloblacksoul Hiya. Thanks for considering FusionAuth!

      We don't have plans for a Rust client.

      If you are looking to do the authorization code exchange, I'd look at the client library listed here: https://oauth.net/code/rust/

      If you are looking to do management of FusionAuth with Rust, I'd evaluate building an OpenAPI client: https://fusionauth.io/docs/v1/tech/client-libraries/openapi

      If you provide the command to build the Rust SDK, I'd happily add it to the GitHub readme.

      While it is marked as experimental, there are no plans to change that support.

    • P

      Group application roles getting removed
      General Discussion • paul.fink

      Votes: 0 • Posts: 3 • Views: 35

      P

      @dan Issue created here:
      https://github.com/FusionAuth/fusionauth-issues/issues/1717

    • D

      UNSOLVED FusionAuth Microsoft OpenIDConnect identity provider login PKCE issues
      Q&A • devops 0

      Votes: 0 • Posts: 3 • Views: 29

      D

      @dan Good afternoon... Thanks for answering... Yeah, it is duplicated. Sorry, it is my first time using the FA forum, and because of that I made the mistake of duplicating the post.

      So, please go ahead and remove this one. Thank you

    • I

      User IDs and Tenant IDs are encrypted in the database. How do I view the data?
      Q&A • innocent.dzapasi

      Votes: 0 • Posts: 4 • Views: 12

      dan

      Also, they are not encrypted, they are just UUIDs being stored in a compact fashion.