Hiya @vidur-punj !

Yup, you can do this with theming.

More here: https://fusionauth.io/docs/v1/tech/themes/

Hiya @johnmiller ,

FusionAuth uses Hikari to handle connection pooling. I'm not familiar with how they interact, but this SO answer seemed useful: https://stackoverflow.com/questions/56581582/hikaricp-apache-dbcp2-and-pgbouncer

If you are using PgBouncer, then you definitely don't need HikariCP around.

But unfortunately, FusionAuth can't be configured not to use HikariCP.

Can you explain why you need pgbouncer and how that's helping you?

Hiya @gregorio ,

Hmmm. That seems really weird. Did you ever sort this out?

@gcasson-ceo

I'm not familiar with Ionos, but if you can run a database and the OS is linux, windows or mac, you should be able to run FusionAuth.

Reading the system requirements will help you determine if the Ionos shared plan offers enough RAM and other resources: https://fusionauth.io/docs/v1/tech/installation-guide/system-requirements

@carlnapiercook Hmmm. Sorry about this.

Did you solve this? Can you recreate on a later version of FusionAuth?

Hiya @dobritos11 !

I assume you mean 1.32.1 as the version. Please let me know if I'm incorrect.

Which screen are you trying to edit the redirect URL from?

Any steps documenting what you are trying to do that you can provide would be helpful.

@alec-kustanovich I'm not quite sure what you are asking for here.

Are you talking about how to create the link to the SAML identity provider outside of FusionAuth?

Or are you talking in particular about the code that is provided to you at the end of the start API call, as documented here: https://fusionauth.io/docs/v1/tech/apis/identity-providers/samlv2#start-a-saml-v2-login-request

@udayvignan-varma Can you let us know what Callback URL you are trying to use? Also do you have the correct authorized URLs set up in your application in the development environment? Is there any more information available with the responses you are seeing?

@benjamin Hmmm.

I'm not quite sure what the issue is, because we do specify salted-pbkdf2-hmac-sha256-512 in the import script:

https://github.com/FusionAuth/fusionauth-import-scripts/blob/master/keycloak/import.rb#L151

The migration guide says:

"The encryptionScheme for this plugin is salted-pbkdf2-hmac-sha256-512."

So when you write:

Hello Dan, I found the fix, at least for my test instance, seems that pbkdf2-sha256 maps to salted-pbkdf2-hmac-sha256 rather than salted-pbkdf2-hmac-sha256-512.

Do you mean that pbkdf2-sha256 is the value from Keycloak and it only worked when you used salted-pbkdf2-hmac-sha256 in FusionAuth, or something else?

What version of Keycloak are you migrating from?

Without understanding your setup completely, is the callback happening in a server-to-server call? If so, localhost doesn't work.

For example when I wanna call the elastic search container from fusion auth, I cannot call it as http://localhost:9200. For instance if the setup is

fusionauth-search: image: docker.elastic.co/elasticsearch/elasticsearch:8.5.0 container_name: fusionauth-search environment: cluster.name: fusionauth networks: - data-layer restart: unless-stopped ports: - '9011:9011'

I will need to call it via http://fusionauth-search:9200. You can also see such a setup in Fusion Auth's documentation on setting up Fusion Auth in docker-compose at https://fusionauth.io/docs/v1/tech/installation-guide/docker. You notice that the URLs will refer to the container names.

I hope this helps.

Hiya @chris-2,

So you'd like to have the claim that is not linked be set if present in the response? Would that solve your problem? Or is there some other solution that would solve your needs?

The reason we don't allow those claims to be changed in the lambda is that it's an escalation possibility.

One option (for a subset of your use cases) would be to store the value that is delivered from the identity provider in the user.data.email claim which is used for email specific functionality when no email address is available on the user.

Hiya @bhavin-panchal !

I'm not sure I understand your question.

Can you rephrase it?

Thanks.

@billyudi We are working on a update to the upgrade guide which will discuss how to map the new theme files and changes.

You can follow along with it here:

https://github.com/FusionAuth/fusionauth-site/pull/2166

I get your larger question though, which is, if I customize my theme, and then I upgrade from 1.45 to 1.46 and 1.46 introduces a new themed page, what does that new themed page look like?

Have you tried testing this out?

@ctorres Awesome, thanks for sharing your process!

Hiya @egli !

Thanks for posting it on GitHub issues. Please share the link so others discovering this issue can upvote it or see the progress on it.

Currently there's no way to limit the inputs on the default select box.

Two options.

Since you are using a custom form, you could create your own select list with just the languages you want to support.

Store this to a different value (user.data.custom_preferred_languages). You could then set up a user.create.complete webhook to copy the value of user.data.custom_preferred_languages to user.preferredLanguages`. That way this language will be used in the future. (The initial email won't have that info, however).

Another option would be to have a javascript function that would run whenever the user.preferredLanguage select box is displayed, and would trim the values down to what you desire.

I realize this isn't the smoothest, but it should get you the control you want.

@alex-2 Hmmm, curious.

What is the redirect URI or redirect URIs of the application configuration?

Is there any additional debug information when you run this in the iOS simulator?

Where are you running FusionAuth? Is the SSL certificate self-signed?

Are you using a webview? That's not typically recommended, as using safari (ASWebAuthenticationSession, to be precise) is the better path. One possible solution would be to use AppAuth, an iOS library, and see if the issue is present there.

Hiya @anirudh-vekariya!

There is no way to do this.

Since tenants are designed to be logically separate, FusionAuth has no concept of a user that spans tenants. I would not expect this to be something to be built into FusionAuth because of that.

Hope this helps.

@bradley-kite said in OIDC and Azure AD Groups:

Is there a way I can get an access token from within the Lambda?

👋 hiya @bradley-kite !

I haven't tested this, but there should be a refresh token stored in the identity provider link (since you are using OIDC). If you can retrieve that, you should be able to get a new access token, and then present that to azure ad.

https://fusionauth.io/docs/v1/tech/apis/identity-providers/links#retrieve-a-link

Look for identityProviderLink.token.

@egli This is not currently possible, but will be released in 1.47: https://github.com/FusionAuth/fusionauth-issues/issues/1738

@matthieu , that is understandable. Keep in mind if you are adding a lot of products often, you can use the APIs to help create and manage those permissions.

I.E. Create an Application Role, Create an Entity, Update a User Registration (for updating roles)