Don't know your OS, but in case your error is related to what I found on a recent Windows/Postgres install:
https://fusionauth.io/community/forum/topic/2219/maintenance-mode-db-creation-fails-without-message-with-postgresql-15-on-windows
Posts made by pclark
-
RE: Fusion not leaving maintenance mode
-
Maintenance Mode DB creation fails without message with PostgreSQL 15 on Windows
On Windows Server 2022, installed postgres 15, then attempted to install FusionAuth app and search (1.40.2). When Maintenance Mode came up, entered postgres user and password, used default fusionauth user and password, and clicked submit. Page came back to Maintenance Mode screen without any error message. Log showed stack trace with
Cause: org.postgresql.util.PSQLException: ERROR: permission denied for schema public
Looking in postgres list of dbs, saw the fusionauth db had been created with UTF8 for Collate and Ctype params. Looking at the advanced installation instructions, saw manual db setup for Windows required:
CREATE DATABASE fusionauth ENCODING 'UTF-8' LC_CTYPE 'English_United States' LC_COLLATE 'English_United States' TEMPLATE template0;
Was able to use these instructions to create the db and user, then Maintenance Mode was able to complete table creation and setup.
If not possible for Maintenance Mode to detect that the db is on Windows, would be great to have an error message instead of having to interpret the log file trace.
-
Install as Windows Service hangs on creating EventLog source
Attempt to install app (result below) and search (not shown) as Windows services:
From cmd run as Administrator:
```
c:\fusionauth\fusionauth-app\bin>FusionAuthApp.exe /install
Installing service FusionAuthApp...
Service FusionAuthApp has been successfully installed.
Creating EventLog source FusionAuthApp in log Application...
```
Then nothing happens. After about 10-15 minutes I gave up, ctrl-c out. The app is able to run.
-
RE: Set up SSL for Netty
Is adding an SSL cert to the keystore as described in https://fusionauth.io/docs/v1/tech/admin-guide/securing "Custom Certificate Authority" functionally equivalent to adding the cert to a standalone keystore, then using that keystore in Tomcat via the server.xml config file? Or is the "Custom Certificate Authority" for a different use?
-
Set up SSL for Netty
With the switch from Tomcat to Netty in 1.37, is it possible to add an SSL certificate directly to Netty, as was possible with Tomcat? Perhaps via some configuration file?
Related post:
https://fusionauth.io/community/forum/topic/180/is-it-possible-to-set-up-ssl-for-fusionauth-directly
-
Does deprecation of JavaScript Google Platform Library affect FusionAuth Google Identity Provider?
Received a notification from Google that they're discontinuing Google Sign-In JavaScript Platform Library for web (https://developers.googleblog.com/2021/08/gsi-jsweb-deprecation.html). They provided us "a list of your client ID(s) that use the legacy Google Sign-In web solution" and the only item was the client id we set up for FusionAuth's Google identity provider.
Will this affect the Google identity provider in FusionAuth, and if so, is it on the roadmap to be updated?
-
RE: .net core - Signature validation failed. Unable to match key: kid:
Two ideas:
- Does it help to specify the key id when creating your test SymmetricSecurityKey?

```csharp
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("My secret from application config"))
{
    KeyId = "Your Key Id"
};
```

- You don't specify which algorithm you're using to sign your tokens. If you're using SymmetricSecurityKey, ensure you're using a symmetric algorithm to sign your tokens.
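The two checks suggested in the reply above, as an added example that is not part of the original post and is not .NET's implementation: a small HS256 validator that picks the secret by the token's `kid` header and refuses non-symmetric algorithms. The function names, the key id and the secret used with it are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url(data):
    """Base64url without padding, as used in JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims, secret, kid):
    """Issue an HS256 token whose header names the signing key via 'kid'."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)


def validate(token, keys):
    """keys maps key id -> shared secret; returns the claims or raises ValueError."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(head_b64))
    if header.get("alg") != "HS256":
        # A shared secret can only check HMAC signatures, never RS256/ES256 ones.
        raise ValueError("algorithm %r is not symmetric HS256" % header.get("alg"))
    secret = keys.get(header.get("kid"))
    if secret is None:
        # The validator holds no key registered under the id the token asks for.
        raise ValueError("unable to match key: kid %r" % header.get("kid"))
    expected = hmac.new(secret, (head_b64 + "." + body_b64).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body_b64))
```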
-
RE: Notification of new FusionAuth versions
Thanks. I believe the RSS feed for the release announcements will work for us.
-
Notification of new FusionAuth versions
Is there an easy way to be notified when a new version of FusionAuth is released? I'm subscribed to your general email list, but am looking for something simple that just happens for a new version. I see there's an endpoint at https://metrics.fusionauth.io/api/latest-version that I could poll, but wondering if there's a better way, perhaps through GitHub, or if there's a way to only get version update emails from your mailing list.
-
RE: I've written a password encryption plugin I want to share. Where can I share it?
In case it helps anyone, a version of the ASP.NET Core Identity PasswordHasher HashPasswordV3
```java
package com.mycompany.fusionauth.plugins;

import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;

import io.fusionauth.plugin.spi.security.PasswordEncryptor;

/**
 * Example password hashing based on Asp.Net Core Identity PasswordHasher HashPasswordV3.
 */
public class ExampleDotNetPBDKF2HMACSHA256PasswordEncryptor implements PasswordEncryptor {

  @Override
  public int defaultFactor() {
    return 10_000;
  }

  @Override
  public String encrypt(String password, String salt, int factor) {
    if (factor <= 0) {
      throw new IllegalArgumentException("Invalid factor value [" + factor + "]");
    }

    SecretKeyFactory keyFactory;
    try {
      keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException("No such algorithm [PBKDF2WithHmacSHA256]");
    }

    int keyLength = 32; // numBytesRequested
    byte[] saltBytes = Base64.getDecoder().decode(salt); // assumes Base64 encoded salt. saltSize: 16 bytes
    KeySpec keySpec = new PBEKeySpec(password.toCharArray(), saltBytes, factor, keyLength * 8);

    SecretKey secret;
    try {
      secret = keyFactory.generateSecret(keySpec); // subkey
    } catch (InvalidKeySpecException e) {
      throw new IllegalArgumentException("Could not generate secret key for algorithm [PBKDF2WithHmacSHA256]");
    }

    // Layout: 1-byte marker, three big-endian 32-bit header fields, salt, subkey
    byte[] outputBytes = new byte[13 + saltBytes.length + secret.getEncoded().length];
    outputBytes[0] = 0x01; // format marker
    WriteNetworkByteOrder(outputBytes, 1, 1);                // PRF id, 1 = HMACSHA256
    WriteNetworkByteOrder(outputBytes, 5, factor);           // iteration count
    WriteNetworkByteOrder(outputBytes, 9, saltBytes.length); // salt length in bytes
    System.arraycopy(saltBytes, 0, outputBytes, 13, saltBytes.length);
    System.arraycopy(secret.getEncoded(), 0, outputBytes, 13 + saltBytes.length, secret.getEncoded().length);

    return new String(Base64.getEncoder().encode(outputBytes));
  }

  // Writes value as a 4-byte big-endian integer at offset
  private static void WriteNetworkByteOrder(byte[] buffer, int offset, int value) {
    buffer[offset + 0] = (byte)(value >> 24);
    buffer[offset + 1] = (byte)(value >> 16);
    buffer[offset + 2] = (byte)(value >> 8);
    buffer[offset + 3] = (byte)(value >> 0);
  }
}
```

```java
package com.mycompany.fusionauth.plugins;

import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.testng.Assert.assertEquals;

public class ExampleDotNetPBDKF2HMACSHA256PasswordEncryptorTest {

  @Test(dataProvider = "hashes")
  public void encrypt(String password, String salt, String hash) {
    ExampleDotNetPBDKF2HMACSHA256PasswordEncryptor encryptor = new ExampleDotNetPBDKF2HMACSHA256PasswordEncryptor();
    assertEquals(encryptor.encrypt(password, salt, 10_000), hash);
  }

  @DataProvider(name = "hashes")
  public Object[][] hashes() {
    return new Object[][]{
        {"MyExamplePassword", "CVsv6SwPJr7WDrVvAb+7aw==", "AQAAAAEAACcQAAAAEAlbL+ksDya+1g61bwG/u2ssOcnQU6Q2xo9tmijJv0zM2GsxeOl04NSpXRsAveBBag=="},
    };
  }
}
```
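An independent cross-check of the byte layout the plugin above writes, as an added example that is not part of the original post or of FusionAuth: a Python parser and verifier for the V3 hash, useful for sanity-checking exported hashes before an import. `POST_HASH` is the value quoted in the post's unit test; the function names are chosen here, and the 16-byte salt minimum is an assumption taken from the post's `saltSize` comment.

```python
import base64
import hashlib
import hmac
import struct

# Hash quoted from the post's unit test (not independently generated here).
POST_HASH = "AQAAAAEAACcQAAAAEAlbL+ksDya+1g61bwG/u2ssOcnQU6Q2xo9tmijJv0zM2GsxeOl04NSpXRsAveBBag=="

# PRF ids stored at offset 1 of a V3 hash (the plugin always writes 1).
PRF_NAMES = {0: "sha1", 1: "sha256", 2: "sha512"}


def parse_v3(encoded):
    """Split a V3 hash into (prf_name, iterations, salt, subkey)."""
    raw = base64.b64decode(encoded, validate=True)
    if len(raw) < 13 or raw[0] != 0x01:
        raise ValueError("not a V3 hash (format marker must be 0x01)")
    prf, iterations, salt_len = struct.unpack(">III", raw[1:13])
    if prf not in PRF_NAMES:
        raise ValueError("unknown PRF id %d" % prf)
    if iterations < 1 or salt_len < 16 or 13 + salt_len >= len(raw):
        raise ValueError("implausible iteration count or salt length")
    salt, subkey = raw[13:13 + salt_len], raw[13 + salt_len:]
    return PRF_NAMES[prf], iterations, salt, subkey


def make_v3(password, salt, iterations=10_000):
    """Build a V3 hash with the plugin's layout (PRF fixed to HMAC-SHA256)."""
    subkey = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, 32)
    raw = b"\x01" + struct.pack(">III", 1, iterations, len(salt)) + salt + subkey
    return base64.b64encode(raw).decode("ascii")


def verify_v3(password, encoded):
    """Recompute the subkey from the embedded parameters; constant-time compare."""
    try:
        prf, iterations, salt, subkey = parse_v3(encoded)
    except ValueError:  # also covers malformed Base64
        return False
    candidate = hashlib.pbkdf2_hmac(prf, password.encode("utf-8"), salt, iterations, len(subkey))
    return hmac.compare_digest(candidate, subkey)
```

Because the iteration count, PRF and salt travel inside the hash, the verifier needs no per-user parameters beyond the stored string.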
-
RE: Production mode required change from localhost to explicit IP in database url property
Thanks for your response. The only thing I did was try to set up as close to a "standard" Windows installation as possible, then changed FusionAuth to Production mode. Will say that the DB (MySQL 8.0.22) is on the same machine as FusionAuth, so the fact that additional resources solved a timing issue wasn't surprising. I'm no MySQL expert, so very well could have been solved by a setup/configuration issue there.
-
RE: Production mode required change from localhost to explicit IP in database url property
Two updates:
- The workaround to use the explicit IP instead of localhost only works sometimes, indicating that there continues to be some kind of timing/timeout issue in Production mode, but not in Development mode.
- Adding a second processor seems to have actually fixed the issue.
-
Production mode required change from localhost to explicit IP in database url property
Running on Windows Server 2019 with MySQL 8, FusionAuth v1.21.0. Not sure if this is a bug or just related to my own configuration.
Changed FusionAuth from Development mode to Production mode, and then couldn't connect to the database.
Database connection url property was:
jdbc:mysql://localhost:3306/fusionauth?serverTimezone=UTC&useSSL=false&allowPublicKeyRetrieval=true
After digging a little on the following errors, I worked around the issue by changing the database connection url property to the machine's explicit IP, and was able to connect.
jdbc:mysql://xxx.xxx.xxx.xxx:3306/fusionauth?serverTimezone=UTC&useSSL=false&allowPublicKeyRetrieval=true
For reference:
Tomcat startup showed these errors:
```
SEVERE: Exception sending context initialized event to listener instance of class [io.fusionauth.app.primeframework.FusionAuthAppPrimeServletContextListener]
org.primeframework.mvc.PrimeException
    at org.primeframework.mvc.guice.GuiceBootstrap.initialize(GuiceBootstrap.java:77)
    at org.primeframework.mvc.servlet.PrimeServletContextListener.contextInitialized(PrimeServletContextListener.java:61)
    at com.inversoft.maintenance.servlet.MaintenanceModePrimeServletContextListener.contextInitialized(MaintenanceModePrimeServletContextListener.java:45)
    at io.fusionauth.app.primeframework.FusionAuthAppPrimeServletContextListener.contextInitialized(FusionAuthAppPrimeServletContextListener.java:26)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4689)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5155)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1412)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1402)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
    at java.base/java.lang.Thread.run(Thread.java:832)
```
FusionAuth log showed these errors:
```
2020-11-24 11:11:05.863 AM ERROR com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Exception during pool initialization.
com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
    at com.mysql.cj.jdbc.exceptions.SQLError.createCommunicationsException(SQLError.java:174)
...several hundred lines of stack...
Unable to start the server. Here's why:
[Error in custom provider, com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.]
-> [class com.zaxxer.hikari.pool.HikariPool$PoolInitializationException] Failed to initialize pool: Communications link failure
```
-
Windows install directory problem
Ran the install script on Windows Server 2019 to "C:\Program Files". In multiple places in the startup.bat script, the files and directories referenced by "%~dp0" are not quoted, meaning it gets set to "C:\Program". After fixing those, something within the fusionauth-app still appears to have a directory reference issue also.
One workaround is obviously installing to a directory without spaces. Would be nice to have the default install process work to the typical Windows program directories.