Topics created by andres.garcia

@andres-garcia Do you mean for a given user? Or in general?

In general, you want to set the Tenant Session Timeout setting: https://fusionauth.io/docs/v1/tech/core-concepts/tenants#oauth

I believe that redirecting the user to the FusionAuth authorize url will extend the session (and the doc above implies it: The length of time an SSO session can be inactive before it is closed.).

I'd have to test that behavior.

Have you tried it?

@andres-garcia Sorry for the late response, kinda slammed.

https://fusionauth.io/docs/v1/tech/samlv2/#limitations says

FusionAuth supports only the following NameIDPolicy values:

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

So it seems like that isn't supported. Please feel free to file an issue https://github.com/fusionauth/fusionauth-issues/issues referencing this forum post and explaining you'd like this new NameIDPolicy value to be supported.

If you are a customer with a support contract, it's helpful if you file a support ticket as well. This helps us prioritize future work.

@andres-garcia

I might lack a bit of context, but I think that

user is already created on FusionAuth

You do have the option to choose how FusionAuth will look for users on the tenant (more in the documentation). So you might have FusionAuth look for your user in an external LDAP connector, firstly, for instance.

So I was trying to do it that way because I can't provision the service async using the webhooks.

Is this a limitation of your architecture/design or a limitation you are finding within FusionAuth

Thanks,
Josh
FusionAuth

Apologies for reviving a months-old thread, but I'm new on this forum and I'm hunting for similar info. I came across your post about SSO using the /api/login endpoint in FusionAuth.
From what I've learned recently, the login API doesn't currently support SSO. The hosted login pages, on the other hand, provide a bunch of functionalities, including SSO. So, for now, it seems like using the standard hosted login page is the way to go.