@john-spellman can you tell us a little more about your set up and situation? Was it working before? What changed? Can the one user still log into prod? The more detail you give the easier it will be for someone to help. Please do not post any passwords or secrets.

Posts made by mark.robustelli
-
RE: Users are unable to log in to FusionAuth
-
RE: Get user email in claims with saml
@laurent-bartet awesome! So it sounds like you had things set up right, you just were not logged out, so when you went back the reconcile event never took place cause you were already logged in. Is that right?
-
RE: Get user email in claims with saml
@laurent-bartet hmm.., since the lambda seems to be set up correctly but appears to not be hitting, let's take a step back and look at the configuration. Can you tell me a little more about that? What identity providers you are using and how they are configured? I read you are using SAML, but it appears in the log that you are using OAuth2. If you are using OAuth2, you might be able to use a JWT populate lambda in that case, but would like to know more about your setup.
-
RE: Get user email in claims with saml
@laurent-bartet Since it is a SAML reconcile lambda, do you have it assigned to the Identity Provider?
Settings -> Identity Providers -> {Your SAML v2 Identity Provider} -> Edit -> Reconcile Lambda
-
RE: Localhost:9011 cant reach this page
@arnel-terblanche Can you tell us a little more about your setup? Is this a first time install? Was it working before? Is this a docker image you are trying to run? Please provide more details.
-
RE: Get user email in claims with saml
What kind of Lambda did you create? Did you assign the Lamba to the application?
If it was SAML V2 Poulate then make sure it is assigned to your application.
Applications -> {Your Application} -> SAML tab -> Authentication response -> Populate Lambda -> {Choose the lambda you created}
Also make sure you have Debug enabled set on the Lambda.
Let me know if this helps.
-
RE: Get user email in claims with saml
@bartetlau Have you had a chance to check out FusionAuth Lambdas? Specifically, SAML v2 Populate Lambda? Does that get you what you need?
-
RE: How to setup OAuth properly
@altear147 Awesome that you are making progress and thanks for keeping the post updated. I'll keep an eye on the thread, and if other issues come up, let us know.
-
RE: How to setup OAuth properly
@altear147 also did you grant these scopes in the google config?
-
RE: How to setup OAuth properly
@altear147 Thanks for taking the time to work with this. It is generally a pretty straight forward process taking no more than 5 minutes. I am out of the office this week, but will try to get some time to replicate what you are going through. I want to make sure I am working on the right thing, so just want to confirm that we have the same end goal. You want the 'Login with Google' button to work for an Application you created within FusionAuth, right?
-
RE: How to setup OAuth properly
@altear147 looks like you are getting closer. If I go back to your screenshot of the provider configuration page, it looks like the scope input box is empty. Three common scopes to include are email, profile, and openid.. Please add the correct scope(s) and let me know if that works for you.
-
RE: How to setup reverse proxy for an SSO session bootstrap
@joseantonio When you add the response_type=code. That should be literal 'response_type=code' not response_type={code} where {code} is some secret. Other than that, you can add additional parameters to the query string if needed. As long as you are not passing secrets in the query string you should be ok.
-
RE: How to setup OAuth properly
@altear147 OK, it looks like the redirect_uri does not match what is configured in the application. Can you make sure you are supplying the correct uri?
This can be found under: Applications -> Edit -> OAuth tab
-
RE: how can i learn FusionAuth?
@cybermark0707 That is a bit of a loaded question. If you have something more specific in mind, please let me know but the following should be a good start.
Overall:
Getting StartedIf you are a developer and want to get hands on with an example, check out:
Quickstarts -
RE: How to setup reverse proxy for an SSO session bootstrap
@joseantonio using the response_type=code should be fine, let me know how it goes.
-
RE: How to setup OAuth properly
@altear147 OK, let's try this. Go into the FusionAuth AdminUI.
Go to Applications
Find your application
select View
find the OAuth2 & OpenID Connect Integration details section
copy theOAuth IdP login URL
use that for the value of the url. Let me know if that works.
-
RE: How to setup OAuth properly
@altear147 can you try to use application Id of the application in FusionAuth for the client_id instead of the google client id and see if that works?
-
RE: How to setup OAuth properly
@altear147 Can you please give the full text (minus any secrets) of the error?
-
RE: How to setup OAuth properly
@altear147 is the error referring to the FusionAuth application client id or the Google Client Id? Is the error coming form FusionAuth or Google?
-
RE: How to setup OAuth properly
@altear147 Would you mind please reposting the images. I removed them as I felt with a little work some of the private information would have been revealed with them. Please completely block the secret information.