FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. benjamin
    3. Posts
    B
    • Profile
    • Following 0
    • Followers 0
    • Topics 2
    • Posts 5
    • Best 4
    • Controversial 0
    • Groups 0

    Posts made by benjamin

    • Issues Refreshing Cache

      We are trying out FusionAuth in clustered (more than 1 replica in Kubernetes). We are seeing this message a lot in the logs:

      2023-08-17 06:29:20.688 PM ERROR io.fusionauth.api.service.cache.DistributedCacheNotifier - Failed to request a cache reload for [Applications, IdentityProvider, Keys] on [http://fusionauth.qa.svc.cluster.local:9011]. Status Code [-1]
Took [15015] ms
java.net.SocketTimeoutException: Read timed out
	at java.base/sun.nio.ch.NioSocketImpl.timedRead(NioSocketImpl.java:283)
	at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:309)
	at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350)
	at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803)
	at java.base/java.net.Socket$SocketInputStream.read(Socket.java:966)
	at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:244)
	at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:284)
	at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:343)
	at java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:791)
	at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:726)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1688)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1589)
	at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:529)
	at com.inversoft.rest.RESTClient.go(RESTClient.java:403)
	at io.fusionauth.api.service.cache.DistributedCacheNotifier.callReload(DistributedCacheNotifier.java:201)

      Our YAML file looks something like this:

      apiVersion: apps/v1
kind: Deployment
metadata:
  name: fusionauth
  namespace: qa
spec:
  replicas: 1
  selector:
    matchLabels:
      app: fusionauth
  template:
    metadata:
      labels:
        app: fusionauth
    spec:
      containers:
        - name: fusionauth
          image: fusionauth/fusionauth-app:1.47.1
          ports:
            - containerPort: 9011
          env:
            - name: FUSIONAUTH_APP_MEMORY
              value: "2G"
            - name: FUSIONAUTH_APP_RUNTIME_MODE
              value: "production"
            - name: FUSIONAUTH_APP_URL
              value: "http://fusionauth.qa.svc.cluster.local:9011"
            - name: FUSIONAUTH_APP_USER_SEARCH_INDEX_NAME
              value: fusionauth-qa-user
            - name: FUSIONAUTH_APP_ENTITY_SEARCH_INDEX_NAME
              value: fusionauth-qa-entity
            - name: SEARCH_TYPE
              value: "elasticsearch"
            - name: PROXY_PORT
              value: "80"
            - name: DATABASE_CONNECTION_TIMEOUT
              value: "300000"
            - name: DATABASE_MAXIMUM_POOL_SIZE
              value: "20"
            - name: DATABASE_CONNECTION_HEALTHCHECK_99PERCENT_MS
              value: "1000"
            - name: FUSIONAUTH_SEARCH_ADDITIONAL_JAVA_ARGS
              value: "-Xms128m -Xmx2048m"
          resources:
            requests:
              cpu: "2000m"
              memory: "2.5Gi"
            limits:
              cpu: "4000m"
              memory: "3Gi"
---
apiVersion: v1
kind: Service
metadata:
  name: fusionauth
  namespace: qa
spec:
  type: ClusterIP
  ports:
    - port: 9011
  selector:
    app: fusionauth

      I tested it by installing CURL in the FusionAuth image, it resolves the URL.

      posted in Q&A
      B
      benjamin
    • RE: Importing users from Fusion Auth to KeyCloak

      @dan You folks may want to update the documentation and potentially the ruby script you guys provide so people won't panic like we did lolz.

      posted in Q&A
      B
      benjamin
    • RE: Importing users from Fusion Auth to KeyCloak

      @dan Hello Dan, I found the fix, at least for my test instance, seems that pbkdf2-sha256 maps to salted-pbkdf2-hmac-sha256 rather than salted-pbkdf2-hmac-sha256-512.

      This seems to make the Ruby script work and also it works on our own internal update scripts in the test instance.

      posted in Q&A
      B
      benjamin
    • RE: Token not received inside Docker with Express JS

      Without understanding your setup completely, is the callback happening in a server-to-server call? If so, localhost doesn't work.

      For example when I wanna call the elastic search container from fusion auth, I cannot call it as http://localhost:9200. For instance if the setup is

        fusionauth-search:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.5.0
    container_name: fusionauth-search
    environment:
      cluster.name: fusionauth
    networks:
      - data-layer
    restart: unless-stopped
    ports:
      - '9011:9011'

      I will need to call it via http://fusionauth-search:9200. You can also see such a setup in Fusion Auth's documentation on setting up Fusion Auth in docker-compose at https://fusionauth.io/docs/v1/tech/installation-guide/docker. You notice that the URLs will refer to the container names.

      I hope this helps.

      posted in Q&A
      B
      benjamin
    • Importing users from Fusion Auth to KeyCloak

      I tried using the Ruby to import users into a tenant from KeyCloak, the script threw no errors but I am unable to login using the password. The password works in KeyCloak but not in FusionAuth. The Fusion Auth version I am using is 1.45.3 and Key Cloak version is 21.1.1.

      Anybody had this issue before?

      posted in Q&A migration migrate users keycloak
      B
      benjamin