@ahcfrontdoor I set up an application with the setting you are talking about and was allowed to register and proceed without any re-direction. Can you share a screen shot of your application registration tab. Please be sure to black out any sensitive information if necessary.
Group Details
Private
administrators
Member List
-
RE: Unverified Behavior Setting Not Respectedposted in Q&A
-
RE: Is there a way to enable or disable captcha at application level?posted in General Discussion
@dan Great catch, no sure how I confused mfa and captcha. Thank you!
-
RE: Is there a way to enable or disable captcha at application level?posted in General Discussion
@mark-robustelli I don't believe you can do this. I think @muditshukla3 was asking about CAPTCHA, not MFA.
-
RE: Noob question: Single user, multiple "tenants"posted in Q&A
@morten Check out this thread and please let me know if it works for you. https://fusionauth.io/community/forum/topic/2743/can-i-configure-a-tenant-application-as-an-external-identity-provider-for-other-tenants/8
-
RE: Making API calls against a user who is federating into FusionAuthposted in Q&A
The easiest thing to do is to store the value on the user.data object in the reconcile lambda, and then pull it off in the JWT populate lambda.
The JWT populate lambda will only be called if the authorization code grant is completed and an access token is generated, but you should be doing that in your application.
So what it looks like is:
- user visits your application
- user clicks 'login'
- user clicks 'login with OIDC'
- user authenticates
- user returned to FusionAuth
- reconcile lambda runs, setting values on user.data
- user object is created
- JWT populate lambda runs, pulling values from user.data and calling FusionAuth APIs to add user to a group or grant them permissions on an entity
- user object is updated, user exists in FusionAuth
-
Making API calls against a user who is federating into FusionAuthposted in Q&A
Suppose I have users who are going to federate into FusionAuth via another OIDC or SAML server. They are going to be created on demand. After they are created, I want to use Lambda HTTP Connect to call into FusionAuth to add them to a group, register them for an application or otherwise manipulate their account based on attributes from the remote identity store.
I tried to do that in the OIDC reconcile lambda, but the user isn't created yet, so I can't, for example, add them to a group or grant them permissions on an entity.
What is the best way to solve this?
-
RE: Using Fusion auth inside iframeposted in Q&A
For future readers, there's an open GH issue here to better support iframes: https://github.com/FusionAuth/fusionauth-issues/issues/2830
Please add your use cases, upvotes and comments there.
-
RE: Can I configure a tenant application as an external identity provider for other tenants?posted in Q&A
@sandiprghane based on that info, I think the above method will work for you and as I mentioned, maybe check out custom scopes for third party applications if you have a license that supports it.