Hoy!
I'm getting messages like this, sporadically from some customers, where FA returns 500 saying FA can't handle this request...
I have a feeling this relates with the FA cookies
Thanks

2024-07-09 08:55:25.647 AM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) [Guice/ErrorInjectingConstructor]: NullPointerException
  at LogoutAction.<init>(LogoutAction.java:22)
  while locating LogoutAction

Learn more:
  https://github.com/google/guice/wiki/ERROR_INJECTING_CONSTRUCTOR

1 error

======================
Full classname legend:
======================
LogoutAction:         "io.fusionauth.app.action.account.LogoutAction"
========================
End of classname legend:
========================

	at com.google.inject.internal.InternalProvisionException.toProvisionException(InternalProvisionException.java:251)
	at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1151)
	at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1186)
	at org.primeframework.mvc.action.DefaultActionMapper.map(DefaultActionMapper.java:61)
	at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:80)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:65)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.cors.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:65)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:108)
	at org.primeframework.mvc.PrimeMVCRequestHandler.handle(PrimeMVCRequestHandler.java:73)
	at io.fusionauth.http.server.HTTPWorker.run(HTTPWorker.java:50)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.NullPointerException: null
2024-07-09 08:55:25.647 AM ERROR org.primeframework.mvc.PrimeMVCRequestHandler - Error encountered
java.lang.NullPointerException: null

Issue:

When changed password algorithm for tenant, the following actions/apis will timeout

• timeout on update user api:
  url: api/user/{{uuid}}
  body:

{
    "applicationId": "{{application-id}}",
    "user": {
        "password": "supersecurepassword" // new password
    }
}

• timeout on creating a new user using web portal

Steps to reproduce

1. create a new tenant
2. create a test user for this tenant user+inv1@gmail.com (this should success)
3. change password for this user using postman api user+inv1@gmail.com (this should success)
4. change the password algorithm for this tenant
5. create another test user for this tenant user+inv2@gmail.com (this should failed by timeout)
6. change password for old user using postman api user+inv1@gmail.com (this should failed by timeout)

greetings folks,

I am using mariadb as an overlay on mysql server and i upgraded to a supported version, which is 10.11.8 in order to be able to setup fusionauth app.

my problem is right now, that I don't know where shuold place the downloaded JAR file on Debian Linux in order to make the maintanance mode get through the setup phase. I have no knwoledge of using postgresql and don't wish to learn it right now explicitly.

also do i need to set up a mysql database manually for FusionAuth before processing the Maintanance Mode?

Hi,

Is it possible to use the fusionauth docker image in a Dockerfile and pass in the values for the environment variables such as username and password?

Regards
Alan

Hi,

I am trying to use FusionAuth (via docker image) in a Microsoft Azure Container App Environment. I am using a Microsoft Azure PostgreSql Flexible Server instance to host the database - after much hassle getting Private Endpoints etc configured, I can access the FusionAuth container and configure it.

I get an error though - the same as here and I was wondering if there has been any progress made by the FusionAuth team on making this an 'easy' fix as running inside containers is more prevalent these days.

I also have an instance of KrakenD API gateway running inside my container app environment - would I be able to use it to proxy FusionAuth calls and add any missing headers. KrakenD can do authentication using Keycloak/Auth0 etc - would this be a possibility?

Looking for some real world help on my options.

Thanks
Alan

Currently, we have around 2000 IdP's. Will FusionAuth be able to add 2000 urls in the allowed origins field? Does that field have any size limit?

Hi everyone,

I'm facing challenges validating JWTs generated by FusionAuth using RSA-SHA256 within my .NET application using the JwtBearer middleware. I've generated a public/private key pair in the FusionAuth Key Master and configured my application as follows:

public static void AddFusionAuthentication(this IServiceCollection services)
{
    var fusionAuthSettings = services.BuildServiceProvider().GetRequiredService<IOptions<FusionAuthSettings>>().Value;
    byte[] publicKeyBytes = Convert.FromBase64String(fusionAuthSettings.IssuerSigningPublicKey);
    
    services
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(opt =>
        {
            opt.Authority = fusionAuthSettings.FusionAuthUrl;
            opt.Audience = fusionAuthSettings.ClientId;
            opt.IncludeErrorDetails = true; // for debugging

            opt.TokenValidationParameters = new()
            {
                ValidateIssuer = true,
                ValidIssuers = [fusionAuthSettings.Issuer],
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(publicKeyBytes)
            };
        });

    services.AddAuthorization(options => { });
}

However, I'm encountering two unexpected scenarios:

1. The JWT validation succeeds regardless of the value I set for IssuerSigningPublicKey.
2. Even when using the correct public key from FusionAuth, JWTs signed with different keys are still validated successfully.

It seems like the signature validation isn't working as expected.

Has anyone else encountered similar issues? Could there be a configuration problem in FusionAuth or my .NET application? Any guidance or suggestions for troubleshooting would be greatly appreciated.

Thanks in advance!

I got this error when installing the app according to the publisher's instructions

Hi everyone

In one of my previous posts I asked if anyone had some experiences integrating FusionAuth and JupyterHub through an LTI authenticator. I am mostly done with that, but there are a few missing pieces in the puzzle (I will write my discoveries once I get everything sorted out)

The flow goes like this:

• I make a POST request to the Jupyterhub endpoint that starts the authorization flow: hub/lti13/oauth_login with some parameters to include the issuer, the login_hint and other needed parameters.
• The endpoint is responsible to add some request parameters like the nonce, or the callback_url to then send the request to fusionauth /oauth2/authorize.
• FusionAuth passes the id_token to the callback_url, which in turn checks that the necessary keys are correct (I added a Lambda function to add required LTI parameters)
• JupyterHub checks that everything is correct, and if so, it proceeds and redirects finally the user to the JupyterHub notebooks

So far so good, everything seems to be working fine. Except when I try to embed it in an iframe!

I was already logged in, but then it asks me to log in again inside the Iframe. But when I try it, it just loops and asks me again for my credentials. After checking the Network tab, when I try to log in fusionAuth by hitting the Submit button, it makes a POST request to /oauth2/authorize, which returns a /oauth2/complete-registration, which upon requesting, it returns again oauth2/authorize (Hope that can be understood)

I already added the jupyterhub url in the Application "Authorized request origin URLs"

What I assume is that it is because of the cookies not being correctly passed, but I don't know how that affects the looping behaviour this presents

Can anyone shed some light please? I've been struggling with this during days and I dont know what else I can do :(.

Also, I really hope this is not the issue, but I am currently testing the frontend using localhost. JupyterHub and FA are already in (separate) https domains

Thank you very much,
Ivan

Hi all,

We're seeing sporadic redirects to /maintenance-mode in production. Many users are able to sign in and register just fine and our admin dashboards are working, but many users are reporting an inability to login and are getting redirected to /maintenance-mode. The actual maintenance mode form is not returned (just the error text) as we are in production mode. To help us troubleshoot it would be helpful to know if redirects to /maintenance-mode can happen sporadically on a single node, or if that redirect is a game-over state that a node will return consistently until fixed.

Thanks!