• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

Is it possible to change the Tenant issue domain?

Scheduled Pinned Locked Moved Unsolved
Q&A
2
4
3.6k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    netstack
    last edited by 14 Feb 2025, 15:46

    I started fusionauth with one specific url sso.dev.domain.example.

    Now i would like to change the domain to sso.domain.example.

    If I adjust the Issuer URL at the Tenant it doesn't update the Application URLs like
    OAuth IdP login URL, Logout URL etc.

    Is there a way to adjust the FusionAuth domain?
    If I use the new domain sso.domain.example i did get 403 Errors during login.

    M 1 Reply Last reply 14 Feb 2025, 21:19 Reply Quote 0
    • M
      mark.robustelli @netstack
      last edited by 14 Feb 2025, 21:19

      @netstack , Adjusting the issuer URL at the Tenant level will not update the Applications URLs. If you have many applications and plan to change often, you can use the APIs to make sure all the applications get updated appropriately.

      Please check out this as well:

      After modifying the Tenant issuer, you should also update the JWT configuration for your applications:
      Navigate to "Applications" in the admin UI.
      Click on the edit icon for the application you want to update.
      Go to the "JWT" tab.
      Change both "Access token signing key" and "Id token signing key" to "Auto generate a new key on save...".
      Save the application.
      It's important to note that you must create new keys after modifying the Tenant because the Issuer field is embedded in the key.

      N 1 Reply Last reply 15 Feb 2025, 09:21 Reply Quote 0
      • N
        netstack @mark.robustelli
        last edited by 15 Feb 2025, 09:21

        Hi @mark-robustelli ,

        thanks for the fast reply.

        For the JWT that was working perfectly. Now i also would like to adjust the "OAuth2 & OpenID Connect Integration details" .
        On all custom Apps but also at the default "FusionAuth".

        Because there is also still the old domain sso.dev.domain.example instead of sso.domain.example .

        I tried the same with re-generating and adjusting the URL's directly at the application. But still the URL's remain unchanged.

        OAuth IdP login URL is still: sso.dev.domain.example
        Tenant Issuer URL is: sso.domain.example

        And additional Info: For test purpose i also created a new Tenant with new domain: new.sso.domain.example and if I also create a new App and assign it to the new tenant also the new App does have the very old Domain sso.dev.domain.example . That's strange, i thought if I would create a new tenant and new application that they would have the "updated" domain already.

        Thanks a lot!

        M 1 Reply Last reply 17 Feb 2025, 17:28 Reply Quote 0
        • M
          mark.robustelli @netstack
          last edited by 17 Feb 2025, 17:28

          @netstack hmm, Did I read this part correctly?

          I tried the same with re-generating and adjusting the URL's directly at the application. But still the URL's remain unchanged.

          Does this mean that even when you update the urls in the application, the change does not take. Or the change takes, but still does not work?

          Would it be possible for you to send a screen shot of your config? Please be sure to redact any sensitive info before posting.

          1 Reply Last reply Reply Quote 0
          3 out of 4
          • First post
            3/4
            Last post