FusionAuth
  • D

    Unsolved FusionAuth integration with kubeoidc proxy

    Q&A
    • kubernetes fusionauth oidc • 28 Jan 2022, 19:26 • divneetsingh.m 28 Nov 2022, 11:00
    0 Votes • 4 Posts • 1.6k Views

    A 28 Nov 2022, 11:00

    Proxy servers can store cached copies of sites. You will get the data from the proxy when you access a particular location.

  • D

    Limit login for SAML and OIDC to a given email domain

    Q&A
    • domain limits sso saml oidc • 23 Sept 2021, 16:21 • dan 23 Sept 2021, 16:22
    0 Votes • 2 Posts • 954 Views

    D 23 Sept 2021, 16:22

    Use the managed domains feature. From the docs:

    Adding one or more managed domains for this configuration will cause this provider not to be displayed as a button on your login page. Instead of a button the login form will first ask the user for their email address. If the user’s email address matches one of the configured domains the user will then be redirected to this login provider to complete authentication. If the user’s email address does not match one of the configured domains, the user will be prompted for a password and they will be authenticated using FusionAuth.

    Documentation:

    https://fusionauth.io/docs/v1/tech/identity-providers/samlv2/

    https://fusionauth.io/docs/v1/tech/identity-providers/openid-connect/

  • T

    Lambda reconcile does not remove role from registration

    Q&A
    • azure lambda oidc reconcile registration • 12 Apr 2021, 08:34 • tl+fa 12 May 2021, 20:20
    0 Votes • 12 Posts • 5.4k Views

    J 12 May 2021, 20:20

    Hi @tl-fa,

    You can view our Roadmap Guidance regarding how features are implemented into FusionAuth. A good snapshot of current development can be found here as well.

    We will certainly update any related issue cards as development moves forward!

    Thanks!
    Josh

  • E

    Using Slack as Identity Provider with OpenID for Federated Identity Management with Aspnet Core App

    Q&A
    • external identity oidc idp federation • 18 Mar 2021, 00:00 • etienne.lorthoy 16 Aug 2022, 14:09
    0 Votes • 4 Posts • 2.5k Views

    D 16 Aug 2022, 14:09

    @eirikur That is awesome, thanks so much for sharing your settings.

  • D

    Getting error with OIDC identity provider

    Q&A
    • oidc jwt userinfo • 23 Feb 2021, 16:15 • dan 23 Feb 2021, 16:20
    0 Votes • 2 Posts • 1.6k Views

    D 23 Feb 2021, 16:20

    That is an encoded (signed) JWT being sent in response to the user info request that the FusionAuth OIDC identity provider is making.

    This is technically allowed in the OIDC spec, but we do not currently support this response type.

    Per spec, the endpoint should support a JSON response which is the default unless the client requests a signed or encrypted response body.

    I would look at how your client is registered and see if it is asking for a JWT userinfo response at that time, and change it to be a normal JSON response. You could also file an issue detailing your needs for FusionAuth to support this user info response type.

    If that isn't an option, you could also look at using a SAML Identity Provider if the remote identity source supports that.

  • D

    SAML2 or OIDC?

    Q&A
    • saml oidc • 22 Jan 2021, 18:58 • dan 22 Jan 2021, 18:59
    0 Votes • 2 Posts • 1.4k Views

    D 22 Jan 2021, 18:59

    While FusionAuth supports both well, if you have the option to use SAML v2 or OIDC, I would always recommend OIDC.

    In general, it is much much simpler to use, debug, configure, etc.

  • D

    Modifying the issuer claim

    Q&A
    • issuer claims oidc • 4 Dec 2020, 00:38 • dan 4 Dec 2020, 00:40
    0 Votes • 2 Posts • 3.9k Views

    D 4 Dec 2020, 00:40

    It sounds like you're asking if you can modify the issuer claim.

    You can control the "Issuer", or iss claim, in two different ways:

      • You can set it in the tenant config, where it will apply for all JWTs issued for that tenant. You'd modify that by navigating to "Tenants", then your tenant, then "General". Modify the "Issuer" field value to be login.example.com.
      • You can set it at the individual JWT level by modifying the JWT populate lambda. You would do this if you wanted to have a different issuer based on some information from the user or registration data. (This does not appear to be the case here, just including this for completeness.)

    I'm not clear if you have more than one tenant in your system; if you do, you can either change the "Issuer" setting for the default tenant (which is what is provided when no tenantId is on the URL) or request the endpoint with a tenantId appended, like this:

    https://login.example.com/.well-known/openid-configuration?tenantId=<tenantid>

  • D

    Passwordless login and the OIDC workflow

    Q&A
    • passwordless oidc • 2 Dec 2020, 17:28 • dan 2 Dec 2020, 17:28
    0 Votes • 2 Posts • 1.1k Views

    D 2 Dec 2020, 17:28

    That should work OK. The only reason not to do it this way is because you’re sort of emulating the OAuth frontend’s usage of this API, which in theory is subject to change.

    Re: state, additional key value pairs will be stored, however if our front end is consuming the URL, you won’t have access to the API response which will contain that state information.

  • D

    OIDC with Azure AD

    Q&A
    • azure oidc • 19 Nov 2020, 16:23 • dan 19 Nov 2020, 16:23
    0 Votes • 2 Posts • 1.3k Views

    D 19 Nov 2020, 16:23

    We have users that have been successful in configuring with AD v2. We have not yet tested or updated the documentation.

    This may be helpful. https://github.com/FusionAuth/fusionauth-issues/issues/855

  • D

    Different JWT expiration times based on how they are generated

    Q&A
    • jwt expiration api oidc • 23 Oct 2020, 19:42 • dan 23 Oct 2020, 19:43
    0 Votes • 2 Posts • 2.9k Views

    D 23 Oct 2020, 19:43

    The JWT TTL can be configured per application, so if you were using a different application for OIDC vs an API - then you could do it.

    But if you don't want to use multiple applications, then it is not possible, at least currently.

    I could see a use case for asking for a JWT with a TTL equal to or less than the configuration and that request being honored, that could be a feature request. But as of right now, the only option is different applications.

  • D

    Can I get the OAuth/OIDC endpoints for an application via the API?

    Q&A
    • oauth oidc endpoint api • 8 Oct 2020, 22:55 • dan 8 Oct 2020, 22:56
    0 Votes • 2 Posts • 2.2k Views

    D 8 Oct 2020, 22:56

    These are generated in the UI. So the values are not available from the API.

    However you can derive them yourself as well. We just take the URL + /oauth2/authorize?... + redirect_uri etc.

  • M

    Clarification on OAuth/OIDC logout endpoint

    Q&A
    • oauth oidc logout • 7 Oct 2020, 19:16 • Moonshine 8 Oct 2020, 15:39
    0 Votes • 4 Posts • 4.2k Views

    M 8 Oct 2020, 15:39

    Yea, that flexibility would be ideal IMO, although the registeredLogoutURLs should be workable for us at this point. FWIW that is actually the behavior I assumed before digging into the docs. I'll definitely add the issue to GitHub, as I think it's probably part of the path to getting OIDC Certification which appears to already have an issue.

    Thanks!

  • D

    Is FusionAuth both an OIDC Relying Party and an Identity Provider?

    Q&A
    • faq oidc standards • 1 May 2020, 16:54 • dan 7 Apr 2023, 10:42
    0 Votes • 2 Posts • 3.3k Views

    H 7 Apr 2023, 10:42

    @dan
    I faced a similar kind of issue last time; I am still searching for a proper solution.