Best posts made by utahtwo
-
RE: Shared Users
Latest posts made by utahtwo
-
RE: Shared Users
@joshua Did you ever confirm this? I have the exact same scenario. I was thinking about adding an identity provider (SAML) that is itself (same fusion instance). Then, as mentioned, have a separate login for internal users, like /internal, that kicks off the login with that IdP.
-
RE: SAML Idp Initiated Failure
@robotdan Yep! That did the trick. 1.36 resolved my issue. I do have another quick question. Can I use the same SAML configuration to do both IdP-initiated and non-IdP-initiated login? Right now I have 2 SAML configs, one for IdP-initiated, and the other that redirects to JumpCloud when you try to log in to FA. Would be nice to have one that works for both, but maybe my configuration is the preferred way?
Basically, I want to make it really easy to log in. Log in from the JC user console, or go to fusion.myorg.com, which sends you to JC to authenticate.
Thanks
-
SAML Idp Initiated Failure
I am trying to get an Identity Provider set up to use to log in to FusionAuth Admin. Specifically, I am using JumpCloud. I want to be able to use the JumpCloud User Portal to click on the SSO app and automatically log me in to FA Admin. I believe I have everything configured correctly, but when I click the link I get the error "We were unable to complete your login attempt. Please attempt the request again". Tailing the logs yields the stack trace below. The funny thing is, the login works! If I visit the /admin path by editing the URL, I get the app fully logged in. The event log (debug enabled) shows a fully successful authentication. The problem seems to be that the redirected URL throws the error. This is the URL: "/admin/login?code=bp2p4eSm1FMWfKR_U3Jw0DJqrLgcxyLWo_SZnjCaAvs&locale=en_US&state=nnHKri9jzXMr1yrEBM7gRxNFKCh3Bsb9pTCbrOc2iDs&userState=Authenticated"; if it just redirected to "/admin", I think it might work fine.
I am using the SAML v2 IdP initiated provider. I am running FA via Docker.
Thanks
2022-04-01 5:39:00.406 PM ERROR io.fusionauth.app.action.BaseOAuthCallbackAction - Unable to call FusionAuth Token endpoint using code [3M_9UyKtWpEsus7HWJOeApqswYTzWO7M164cMHSKNBw].
[1/Apr/2022:17:39:00] 2022-04-01 5:39:00.406 PM ERROR io.fusionauth.app.action.BaseOAuthCallbackAction - Returned Exception
[1/Apr/2022:17:39:00] java.lang.NullPointerException: Cannot invoke "String.length()" because "s" is null
[1/Apr/2022:17:39:00] at java.base/java.net.URLEncoder.encode(URLEncoder.java:224)
[1/Apr/2022:17:39:00] at java.base/java.net.URLEncoder.encode(URLEncoder.java:196)
[1/Apr/2022:17:39:00] at com.inversoft.rest.FormDataBodyHandler.lambda$serializeRequest$0(FormDataBodyHandler.java:63)
[1/Apr/2022:17:39:00] at java.base/java.util.HashMap.forEach(HashMap.java:1421)
[1/Apr/2022:17:39:00] at com.inversoft.rest.FormDataBodyHandler.serializeRequest(FormDataBodyHandler.java:57)
[1/Apr/2022:17:39:00] at com.inversoft.rest.FormDataBodyHandler.setHeaders(FormDataBodyHandler.java:49)
[1/Apr/2022:17:39:00] at com.inversoft.rest.RESTClient.go(RESTClient.java:232)
[1/Apr/2022:17:39:00] at io.fusionauth.client.FusionAuthClient.exchangeOAuthCodeForAccessTokenUsingPKCE(FusionAuthClient.java:1600)
[1/Apr/2022:17:39:00] at io.fusionauth.app.action.BaseOAuthCallbackAction.exchangeCodeForToken(BaseOAuthCallbackAction.java:64)
[1/Apr/2022:17:39:00] at io.fusionauth.app.action.admin.LoginAction.get(LoginAction.java:84)
[1/Apr/2022:17:39:00] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[1/Apr/2022:17:39:00] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
[1/Apr/2022:17:39:00] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[1/Apr/2022:17:39:00] at java.base/java.lang.reflect.Method.invoke(Method.java:568)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.util.ReflectionUtils.invoke(ReflectionUtils.java:414)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.execute(DefaultActionInvocationWorkflow.java:79)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.action.DefaultActionInvocationWorkflow.perform(DefaultActionInvocationWorkflow.java:62)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.validation.DefaultValidationWorkflow.perform(DefaultValidationWorkflow.java:47)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.security.DefaultSecurityWorkflow.perform(DefaultSecurityWorkflow.java:60)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.parameter.DefaultPostParameterWorkflow.perform(DefaultPostParameterWorkflow.java:50)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:52)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:57)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:102)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:58)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:44)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:126)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.StaticResourceWorkflow.perform(StaticResourceWorkflow.java:97)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.parameter.RequestBodyWorkflow.perform(RequestBodyWorkflow.java:91)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:64)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at io.fusionauth.app.primeframework.CORSFilter.doFilter(CORSFilter.java:262)
[1/Apr/2022:17:39:00] at io.fusionauth.app.primeframework.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:49)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
[1/Apr/2022:17:39:00] at io.fusionauth.app.primeframework.FusionAuthMVCWorkflow.perform(FusionAuthMVCWorkflow.java:86)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.workflow.DefaultWorkflowChain.continueWorkflow(DefaultWorkflowChain.java:44)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.servlet.FilterWorkflowChain.continueWorkflow(FilterWorkflowChain.java:50)
[1/Apr/2022:17:39:00] at org.primeframework.mvc.servlet.PrimeFilter.doFilter(PrimeFilter.java:78)
[1/Apr/2022:17:39:00] at com.inversoft.maintenance.servlet.MaintenanceModePrimeFilter.doFilter(MaintenanceModePrimeFilter.java:63)
[1/Apr/2022:17:39:00] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[1/Apr/2022:17:39:00] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[1/Apr/2022:17:39:00] at com.inversoft.servlet.UTF8Filter.doFilter(UTF8Filter.java:27)
[1/Apr/2022:17:39:00] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
[1/Apr/2022:17:39:00] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
[1/Apr/2022:17:39:00] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:196)
[1/Apr/2022:17:39:00] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
[1/Apr/2022:17:39:00] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
[1/Apr/2022:17:39:00] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
[1/Apr/2022:17:39:00] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
[1/Apr/2022:17:39:00] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
[1/Apr/2022:17:39:00] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
[1/Apr/2022:17:39:00] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
[1/Apr/2022:17:39:00] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
[1/Apr/2022:17:39:00] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
[1/Apr/2022:17:39:00] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1650)
[1/Apr/2022:17:39:00] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
[1/Apr/2022:17:39:00] at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
[1/Apr/2022:17:39:00] at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
[1/Apr/2022:17:39:00] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
[1/Apr/2022:17:39:00] at java.base/java.lang.Thread.run(Thread.java:833)