    Posts made by pclark

    • RE: Fusion not leaving maintenance mode

      @randall

      Don't know your OS, but in case your error is related to what I found on a recent Windows/Postgres install:
      https://fusionauth.io/community/forum/topic/2219/maintenance-mode-db-creation-fails-without-message-with-postgresql-15-on-windows

      posted in General Discussion
      pclark
    • Maintenance Mode DB creation fails without message with PostgreSQL 15 on Windows

      On Windows Server 2022, installed postgres 15, then attempted to install FusionAuth app and search (1.40.2). When Maintenance Mode came up, entered postgres user and password, used default fusionauth user and password, and clicked submit. Page came back to Maintenance Mode screen without any error message. Log showed stack trace with

       Cause: org.postgresql.util.PSQLException: ERROR: permission denied for schema public
      

      Looking in postgres list of dbs, saw the fusionauth db had been created with UTF8 for Collate and Ctype params. Looking at the advanced installation instructions, saw manual db setup for Windows required:

      CREATE DATABASE fusionauth ENCODING 'UTF-8' LC_CTYPE 'English_United States' LC_COLLATE 'English_United States' TEMPLATE template0;
      

      Was able to use these instructions to create the db and user, then Maintenance Mode was able to complete table creation and setup.
      If not possible for Maintenance Mode to detect that the db is on Windows, would be great to have an error message instead of having to interpret the log file trace.

      posted in Q&A
      pclark
    • Install as Windows Service hangs on creating EventLog source

      Attempt to install app (result below) and search (not shown) as Windows services:

      From cmd run as Administrator:

      c:\fusionauth\fusionauth-app\bin>FusionAuthApp.exe /install
      
      Installing service FusionAuthApp...
      Service FusionAuthApp has been successfully installed.
      Creating EventLog source FusionAuthApp in log Application...
      

      Then nothing happens. After about 10-15 minutes I gave up, ctrl-c out. The app is able to run.

      posted in Q&A
      pclark
    • RE: Set up SSL for Netty

      @voidmain Thank you!

      posted in Q&A
      pclark
    • RE: Set up SSL for Netty

      Is adding an SSL cert to the keystore as described in https://fusionauth.io/docs/v1/tech/admin-guide/securing "Custom Certificate Authority" functionally equivalent to adding the cert to a standalone keystore, then using that keystore in Tomcat via the server.xml config file? Or is the "Custom Certificate Authority" for a different use?

      posted in Q&A
      pclark
    • Set up SSL for Netty

      With the switch from Tomcat to Netty in 1.37, is it possible to add an SSL certificate directly to Netty, as was possible with Tomcat? Perhaps via some configuration file?

      Related post:
      https://fusionauth.io/community/forum/topic/180/is-it-possible-to-set-up-ssl-for-fusionauth-directly

      posted in Q&A
      pclark
    • Does deprecation of JavaScript Google Platform Library affect FusionAuth Google Identity Provider?

      Received a notification from Google that they're discontinuing Google Sign-In JavaScript Platform Library for web (https://developers.googleblog.com/2021/08/gsi-jsweb-deprecation.html). They provided us "a list of your client ID(s) that use the legacy Google Sign-In web solution" and the only item was the client id we set up for FusionAuth's Google identity provider.

      Will this affect the Google identity provider in FusionAuth, and if so, is it on the roadmap to be updated?

      posted in General Discussion
      pclark
    • RE: .net core - Signature validation failed. Unable to match key: kid:

      Two ideas:

      • Does it help to specify the key id when creating your test SymmetricSecurityKey?
      var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes( "My secret from application config" ) ) { KeyId = "Your Key Id" };
      
      • You don't specify which algorithm you're using to sign your tokens. If you're using SymmetricSecurityKey, ensure you're using a symmetric algorithm to sign your tokens.
      posted in General Discussion
      pclark
    • RE: Notification of new FusionAuth versions

      Thanks. I believe the RSS feed for the release announcements will work for us.

      posted in Q&A
      pclark
    • Notification of new FusionAuth versions

      Is there an easy way to be notified when a new version of FusionAuth is released? I'm subscribed to your general email list, but am looking for something simple that just happens for a new version. I see there's an endpoint at https://metrics.fusionauth.io/api/latest-version that I could poll, but wondering if there's a better way, perhaps through GitHub, or if there's a way to only get version update emails from your mailing list.

      posted in Q&A
      pclark
    • RE: I've written a password encryption plugin I want to share. Where can I share it?

      In case it helps anyone, a version of the ASP.NET Core Identity PasswordHasher HashPasswordV3

      package com.mycompany.fusionauth.plugins;
      
      import javax.crypto.SecretKey;
      import javax.crypto.SecretKeyFactory;
      import javax.crypto.spec.PBEKeySpec;
      import java.nio.charset.StandardCharsets;
      import java.security.InvalidKeyException;
      import java.security.NoSuchAlgorithmException;
      import java.security.spec.InvalidKeySpecException;
      import java.security.spec.KeySpec;
      import java.util.Base64;
      import io.fusionauth.plugin.spi.security.PasswordEncryptor;
      
      /**
      * Example password hashing based on Asp.Net Core Identity PasswordHasher HashPasswordV3.
      */
      public class ExampleDotNetPBDKF2HMACSHA256PasswordEncryptor implements PasswordEncryptor {
      
        @Override
        public int defaultFactor() {
          return 10_000;
        }
      
        @Override
        public String encrypt(String password, String salt, int factor) {
          if (factor <= 0) {
            throw new IllegalArgumentException("Invalid factor value [" + factor + "]");
          }
      
          SecretKeyFactory keyFactory;
          try {
            keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
          } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No such algorithm [PBKDF2WithHmacSHA256]");
          }
      
          int keyLength = 32; // numBytesRequested
          byte[] saltBytes = Base64.getDecoder().decode(salt); // assumes Base64 encoded salt. saltSize: 16 bytes
      
          KeySpec keySpec = new PBEKeySpec(password.toCharArray(), saltBytes, factor, keyLength * 8);
          SecretKey secret;
          try {
            secret = keyFactory.generateSecret(keySpec); // subkey
          } catch (InvalidKeySpecException e) {
            throw new IllegalArgumentException("Could not generate secret key for algorithm [PBKDF2WithHmacSHA256]");
          }
      
          byte[] outputBytes = new byte[13 + saltBytes.length + secret.getEncoded().length];
          outputBytes[0] = 0x01; // format marker
          WriteNetworkByteOrder(outputBytes, 1, 1);
          WriteNetworkByteOrder(outputBytes, 5, factor);
          WriteNetworkByteOrder(outputBytes, 9, saltBytes.length);
          System.arraycopy(saltBytes, 0, outputBytes, 13, saltBytes.length);
          System.arraycopy(secret.getEncoded(), 0, outputBytes, 13 + saltBytes.length, secret.getEncoded().length);
      
          return new String(Base64.getEncoder().encode(outputBytes));
        }
        
        private static void WriteNetworkByteOrder(byte[] buffer, int offset, int value)
        {
          buffer[offset + 0] = (byte)(value >> 24);
          buffer[offset + 1] = (byte)(value >> 16);
          buffer[offset + 2] = (byte)(value >> 8);
          buffer[offset + 3] = (byte)(value >> 0);
        }
      }
      
      package com.mycompany.fusionauth.plugins;
      
      import org.testng.annotations.DataProvider;
      import org.testng.annotations.Test;
      import static org.testng.Assert.assertEquals;
      
      public class ExampleDotNetPBDKF2HMACSHA256PasswordEncryptorTest {
        @Test(dataProvider = "hashes")
        public void encrypt(String password, String salt, String hash) {
          ExampleDotNetPBDKF2HMACSHA256PasswordEncryptor encryptor = new ExampleDotNetPBDKF2HMACSHA256PasswordEncryptor();
          assertEquals(encryptor.encrypt(password, salt, 10_000), hash);
        }
      
        @DataProvider(name = "hashes")
        public Object[][] hashes() {
          return new Object[][]{
              {"MyExamplePassword", "CVsv6SwPJr7WDrVvAb+7aw==", "AQAAAAEAACcQAAAAEAlbL+ksDya+1g61bwG/u2ssOcnQU6Q2xo9tmijJv0zM2GsxeOl04NSpXRsAveBBag=="},
          };
        }
      }
      
      posted in Q&A
      pclark
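
      The byte layout the plugin above writes (1-byte marker, three big-endian 32-bit fields, salt, subkey) can be cross-checked outside the JVM before importing hashes. The following is an added example, not code from the post or from FusionAuth; the function names, `MAX_ITERATIONS` and the 16-byte minimum lengths are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import struct

HEADER = struct.Struct(">BIII")  # marker, PRF id, iterations, salt length
PRF_HMAC_SHA256 = 1              # value the Java code writes at offset 1
MAX_ITERATIONS = 1_000_000       # assumed cap: the count is read from stored data
# Test vector from the post's TestNG data provider.
PAGE_HASH = "AQAAAAEAACcQAAAAEAlbL+ksDya+1g61bwG/u2ssOcnQU6Q2xo9tmijJv0zM2GsxeOl04NSpXRsAveBBag=="


def parse_v3(encoded):
    """Return (iterations, salt, subkey); raise ValueError if malformed."""
    blob = base64.b64decode(encoded, validate=True)
    if len(blob) < HEADER.size:
        raise ValueError("shorter than the 13-byte header")
    marker, prf, iterations, salt_len = HEADER.unpack_from(blob)
    if marker != 0x01 or prf != PRF_HMAC_SHA256:
        raise ValueError("not a V3 HMAC-SHA256 hash")
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    # Sanity limits chosen for this example: 16-byte minimum salt and subkey.
    if salt_len < 16 or len(blob) - HEADER.size - salt_len < 16:
        raise ValueError("salt or subkey too short")
    body = blob[HEADER.size:]
    return iterations, body[:salt_len], body[salt_len:]


def hash_v3(password, salt, iterations=10_000, subkey_len=32):
    """Build the same layout the Java encrypt() method emits."""
    subkey = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, subkey_len)
    header = HEADER.pack(0x01, PRF_HMAC_SHA256, iterations, len(salt))
    return base64.b64encode(header + salt + subkey).decode("ascii")


def verify_v3(password, encoded):
    """Recompute the subkey from the stored parameters; compare in constant time."""
    try:
        iterations, salt, expected = parse_v3(encoded)
    except ValueError:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, len(expected))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    print(parse_v3(PAGE_HASH)[0], verify_v3("MyExamplePassword", PAGE_HASH))
```

      Because the iteration count and salt length come from the stored value itself, the parser bounds both before any key derivation runs, so a malformed or hostile record is rejected cheaply.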
    • RE: Production mode required change from localhost to explicit IP in database url property

      Thanks for your response. The only thing I did was try to set up as close to a "standard" Windows installation as possible, then changed FusionAuth to Production mode. Will say that the DB (MySQL 8.0.22) is on the same machine as FusionAuth, so the fact that additional resources solved a timing issue wasn't surprising. I'm no MySQL expert, so very well could have been solved by a setup/configuration issue there.

      posted in Comments & Feedback
      pclark
    • RE: Production mode required change from localhost to explicit IP in database url property

      Two updates:

      • The workaround to use the explicit IP instead of localhost only works sometimes, indicating that there continues to be some kind of timing/timeout issue in Production mode, but not in Development mode.
      • Adding a second processor seems to have actually fixed the issue.
      posted in Comments & Feedback
      pclark
    • Production mode required change from localhost to explicit IP in database url property

      Running on Windows Server 2019 with MySQL 8, FusionAuth v1.21.0. Not sure if this is a bug or just related to my own configuration.
      Changed FusionAuth from Development mode to Production mode, and then couldn't connect to the database.
      Database connection url property was:

      jdbc:mysql://localhost:3306/fusionauth?serverTimezone=UTC&useSSL=false&allowPublicKeyRetrieval=true
      

      After digging a little on the following errors, I worked around the issue by changing the database connection url property to the machine's explicit IP, and was able to connect.

      jdbc:mysql://xxx.xxx.xxx.xxx:3306/fusionauth?serverTimezone=UTC&useSSL=false&allowPublicKeyRetrieval=true
      

      For reference:
      Tomcat startup showed these errors:

      SEVERE: Exception sending context initialized event to listener instance of class [io.fusionauth.app.primeframework.FusionAuthAppPrimeServletContextListener]
      org.primeframework.mvc.PrimeException
              at org.primeframework.mvc.guice.GuiceBootstrap.initialize(GuiceBootstrap.java:77)
              at org.primeframework.mvc.servlet.PrimeServletContextListener.contextInitialized(PrimeServletContextListener.java:61)
              at com.inversoft.maintenance.servlet.MaintenanceModePrimeServletContextListener.contextInitialized(MaintenanceModePrimeServletContextListener.java:45)
              at io.fusionauth.app.primeframework.FusionAuthAppPrimeServletContextListener.contextInitialized(FusionAuthAppPrimeServletContextListener.java:26)
              at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4689)
              at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5155)
              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1412)
              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1402)
              at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
              at java.base/java.lang.Thread.run(Thread.java:832)
      

      FusionAuth log showed these errors:

      2020-11-24 11:11:05.863 AM ERROR com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Exception during pool initialization.
      com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
      The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
      	at com.mysql.cj.jdbc.exceptions.SQLError.createCommunicationsException(SQLError.java:174)
      
              ...several hundred lines of stack...
      
      Unable to start the server. Here's why: 
      [Error in custom provider, com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: Communications link failure
      
      The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.] 
      	-> [class com.zaxxer.hikari.pool.HikariPool$PoolInitializationException] Failed to initialize pool: Communications link failure
      
      
      posted in Comments & Feedback
      pclark
    • RE: Windows install directory problem

      Thank you.
      https://github.com/FusionAuth/fusionauth-issues/issues/971

      posted in Comments & Feedback
      pclark
    • Windows install directory problem

      Ran the install script on Windows Server 2019 to "C:\Program Files". In multiple places in the startup.bat script, the files and directories referenced by "%~dp0" are not quoted, meaning it gets set to "C:\Program". After fixing those, something within the fusionauth-app still appears to have a directory reference issue also.
      One workaround is obviously installing to a directory without spaces. Would be nice to have the default install process work to the typical Windows program directories.

      posted in Comments & Feedback
      pclark