FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. anthony.hollingsworth
    A
    • Profile
    • Following 0
    • Followers 0
    • Topics 2
    • Posts 7
    • Best 1
    • Controversial 0
    • Groups 0

    anthony.hollingsworth

    @anthony.hollingsworth

    1
    Reputation
    2
    Profile views
    7
    Posts
    0
    Followers
    0
    Following
    Joined Last Online
    anthony.hollingsworth Unfollow Follow

    Best posts made by anthony.hollingsworth

    • RE: Error validating SAML logout request

      Found the cause and the solution with the help of Joshua on support

      The SAML logout request was generated by a library we are using, saml2-js. It seems this library had an outstanding pull request to fix the SAML logout request to add in the nameid_format attribute to the nameid element in the logout request. Setting this attribute solved the problem, as per Joshua's suggestion:

      Ideally, when completing a logout request, FusionAuth is provided a Name Id format of:
      urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      or
      urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

      posted in General Discussion
      A
      anthony.hollingsworth

    Latest posts made by anthony.hollingsworth

    • RE: Error validating SAML logout request

      Found the cause and the solution with the help of Joshua on support

      The SAML logout request was generated by a library we are using, saml2-js. It seems this library had an outstanding pull request to fix the SAML logout request to add in the nameid_format attribute to the nameid element in the logout request. Setting this attribute solved the problem, as per Joshua's suggestion:

      Ideally, when completing a logout request, FusionAuth is provided a Name Id format of:
      urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
      or
      urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

      posted in General Discussion
      A
      anthony.hollingsworth
    • Error validating SAML logout request

      Hi

      We have just started with Fusion Auth using a purely SAML integration and have hit an issue with a service proivder intiated logout request

      We think we have the configuration correct but after the user is redirected to the fusion auth logout page a call is made from the UI to the following end point, which results in the error shown below

      https://fa-dev.elateral-dev.io/samlv2/logout/complete

      The SAMLRequest and signiture validate ok for us in a saml validation tool, guessing its some sort of configuration we have wrong.

      fusionauth 2023-09-26 09:44:25.959 AM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
fusionauth java.lang.NullPointerException: null
fusionauth     at java.base/java.util.ImmutableCollections$ListN.indexOf(ImmutableCollections.java:716)
fusionauth     at java.base/java.util.ImmutableCollections$AbstractImmutableList.contains(ImmutableCollections.java:329)
fusionauth     at io.fusionauth.api.service.samlv2.DefaultSAMLv2ProviderService.validateRequest(DefaultSAMLv2ProviderService.java:522)
fusionauth     at io.fusionauth.api.service.samlv2.DefaultSAMLv2ProviderService.validateLogoutRequest(DefaultSAMLv2ProviderService.java:466)
fusionauth     at io.fusionauth.app.action.samlv2.logout.CompleteAction.lambda$post$0(CompleteAction.java:53)
fusionauth     at io.fusionauth.app.action.samlv2.BaseSAMLAction.handleSAMLException(BaseSAMLAction.java:111)
fusionauth     at io.fusionauth.app.action.samlv2.logout.CompleteAction.post(CompleteAction.java:41)
fusionauth     at jdk.internal.reflect.GeneratedMethodAccessor475.invoke(Unknown Source)
fusionauth     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
fusionauth     at java.base/java.lang.reflect.Method.invoke(Method.java:568)
fusionauth     at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:443)
fusionauth     at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:77)
fusionauth     at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:60)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:50)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:45)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:60)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:49)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:74)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:58)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:92)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:50)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:113)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:65)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.cors.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:65)
fusionauth     at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
fusionauth     at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:108)
fusionauth     at org.primeframework.mvc.PrimeMVCRequestHandler.handle(PrimeMVCRequestHandler.java:72)
fusionauth     at io.fusionauth.http.server.HTTPWorker.run(HTTPWorker.java:50)
fusionauth     at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
fusionauth     at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
fusionauth     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
fusionauth     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
fusionauth     at java.base/java.lang.Thread.run(Thread.java:833)

      Any help much appreciated!

      posted in General Discussion
      A
      anthony.hollingsworth
    • RE: newbie question on error from call to

      @mark-robustelli Hi

      Just to provide an update. We resolved the situation after finding this identical issue posted since I created my ticket

      https://github.com/FusionAuth/fusionauth-issues/issues/2474

      So we did the same workaround of turning on Require Registration and creating a registration for our users

      posted in Q&A
      A
      anthony.hollingsworth
    • RE: newbie question on error from call to

      @mark-robustelli
      Hi,
      I don't recognise that as a placeholder for us, would you have any idea what end point that might be calling in our saml integration or what field in the application is being used. The thing that puzzles me is that we have not got oauth2 enabled as far as I know, we are doing a pure saml2 integration so I'm not sure what that complete call back is doing

      posted in Q&A
      A
      anthony.hollingsworth
    • RE: newbie question on error from call to

      @mark-robustelli Hi
      Finally realised I had access to the logs for the pod that the service is being hosted in. So the error we get for the https://fa-dev.elateral-dev.io/oauth2/two-factor-enable-complete call is

      2023-09-15 03:03:57.925 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
      java.lang.NullPointerException: Cannot read field "verified" because "<local1>" is null
      at io.fusionauth.app.action.oauth2.BaseOAuthAction.next(BaseOAuthAction.java:923)
      at io.fusionauth.app.action.oauth2.TwoFactorEnableCompleteAction.post(TwoFactorEnableCompleteAction.java:42)
      at jdk.internal.reflect.GeneratedMethodAccessor317.invoke(Unknown Source)
      at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.base/java.lang.reflect.Method.invoke(Method.java:568)
      at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:443)
      at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:77)
      at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:60)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:50)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:45)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:60)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:49)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:74)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:58)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:92)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:50)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:113)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:65)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.cors.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:65)
      at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
      at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:108)
      at org.primeframework.mvc.PrimeMVCRequestHandler.handle(PrimeMVCRequestHandler.java:72)
      at io.fusionauth.http.server.HTTPWorker.run(HTTPWorker.java:50)
      at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
      at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
      at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
      at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
      at java.base/java.lang.Thread.run(Thread.java:833)

      posted in Q&A
      A
      anthony.hollingsworth
    • RE: newbie question on error from call to

      @mark-robustelli Hi, thanks for the suggestion, I turned on debug for the application but I don't see anything in the logs with error, they all appear to be debug entries relatig to the saml passing to and fro. Still scratching my head 🙂

      posted in Q&A
      A
      anthony.hollingsworth
    • newbie question on error from call to

      We are evaluating Fusion Auth to provide a basic user login process for our system.

      We have created:

      A tenant with the following settings:
      Multi-Factor -> Policies -> On login -> Enabled
      Authenticator Settings -> Enabled: true

      An application associated with the tenant with just SAML setup.

      With Multi-factor on as above, the user is prompted to setup MFA when they first attempt to login after setting their password. MFA setup goes fine, however, on completion of the setup the following call is made and returns a 500 error.

      https://fa-dev.elateral-dev.io/oauth2/two-factor-enable-complete

      With the following message

      We're sorry, your request was malformed or was unable to be completed for some reason. Try hitting the back button and restarting the process to see if it fixes the problem.

      When we test with Multi-factor turned off, the user is invited and can update their password and then proceed to login successfully.

      Any ideas on what is causing the 500 error or where we might look to get a better description of the error would be much appreciated

      posted in Q&A
      A
      anthony.hollingsworth