RE: IdentityProvider pop out window

Thank you for the swift responses. We have added the origins to our OAuth config which fixed our initial "X-Frame-Options" Deny issue. However, this wouldn't fix our problem with Azure returning it and safari blocking the rendering.

It doesn't look like we are able to change any config in Azure to change the Deny value, unless anyone has any suggestions.

Our domains are as follows;

env.myapp.io -> iframe[ 3rdparty.io --SAMLv2--> auth.myapp.io --SAMLv2--> login.microsoftonline.com]

any suggestions?

@dan that link doesnt really suggest anything which looks implementable without either changing a library in FusionAuth or using OpenID.

Hi,

we are looking for a mechanism to migrate users into our system, we are planning a segment/team by segment approach. However, users will not have passwords managed with FusionAuth, they will login via a login provider (SAMLv2 based). We need to migrate details about users into fusion in advance of the user first accessing the system. Is there a good way to create/migrate users into FusionAuth without a password being required as they will never need to login with one?

Thank you for the swift responses. We have added the origins to our OAuth config which fixed our initial "X-Frame-Options" Deny issue. However, this wouldn't fix our problem with Azure returning it and safari blocking the rendering.

It doesn't look like we are able to change any config in Azure to change the Deny value, unless anyone has any suggestions.

Our domains are as follows;

env.myapp.io -> iframe[ 3rdparty.io --SAMLv2--> auth.myapp.io --SAMLv2--> login.microsoftonline.com]

any suggestions?

@dan that link doesnt really suggest anything which looks implementable without either changing a library in FusionAuth or using OpenID.

Hi,

is there a way to pop out the IdentityProvider login screen rather than navigate within the same window?

I am are seeing an issue within an iframe where using FusionAuth a 3rd party SP-initiated SAML authentication. When the user is directed back to fusionAuth within an iframe they are presented with a login window again. At this point they click the identity provider button to initiate the SAML flow. However, AzureAD returns "X-Frame-Options Deny" which in safari blocks any further progress. This is only an issue with safari, but that does include safari on the desktop and IOS devices.

Flow e.g.
My App -> iframe[3rd Party --SAMLv2--> FusionAuth --SAMLv2--> AzureAD]

If we are able to pop out the IdentityProvider flow into a separate window, this would negate the issue. I am also open to any other suggestions at this point.

We're already using that to populate claims details, but the documentation implies this is the JWT payload only and not the header

Hi,

We have a 3rd party integration to whom we are sending our JWTs, they have prescribed they need the JKU populated in the JWT header for them to correctly verify the token. I seem to be struggling to find any documentation or mention of how or even if it is possible to configure the jku header in the JWT. Is there a way to get the jku header to be populated correctly?

FusionAuth version 1.22.2

Hi All,

I'm looking to implement RBAC with FusionAuth on a new project. We have a need to manage 3 levels of permissions.

• User Access (granular permission claims)
• User Position (user type, would be good to be able to allocate access claims to Position types)
• User Teams (collection users that work together)

I have a couple of approaches I have been evaluating, my preference would be a solution where all 3 could managed within FusionAuth. However, I only see 2 manageable pieces to play with, Roles and Groups. Currently, if I want everything to be managed within FusionAuth, I believe my only option would be to use Roles within FA to represent User Positions, and Groups to represent User Teams. This would mean loosing the granular controls we would like to implement.

Hopefully someone could help point me to an implementation that would allow us to manage all 3 aspects within FusionAuth