@dan said in Systemd service template:

https://fusionauth.io/direct-download/

To Add to what @dan mentioned, you can install .deb or .rpm packages using the fast path install method. It will default to zip file installation.

For additional ways to call it - see the Fast Path install guide.
https://fusionauth.io/docs/v1/tech/installation-guide/fast-path/

@vexana

I think you want to add a claim into a token? Does this lambda help? https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/

Or can you be more precise in what you are looking to do?

This issue was resolved and released as part of 1.24.0.

More here: https://fusionauth.io/docs/v1/tech/release-notes/#version-1-24-0

@vexana succeeded, but had another question, so I forked the topic: https://fusionauth.io/community/forum/topic/811/mapping-fusionauth-roles-to-elasticsearch

Hiya @priyankakumari3058

I'm not sure you're posting in the right forum. This forum is for questions and discussion about FusionAuth, not kibana.

I think you might want the elasticsearch forums: https://discuss.elastic.co/

Hope that helps.

@dan Thanks it worked !

My first question is a) when I setup the dashboard on server A. Can I assume that all the servers (behind a load balancer) will get the same configuration?

You need to distribute the configuration file or the environment variables yourself. You could scp the configuration file to each server, for example.

b) I want to make sure that FA is using the RDS database and not a local one in each docker container. How can I prove to myself that FA is using the RDS?

I'm not sure how you installed this, but you could remove postgresql from the docker-compose file. You can also shut down the RDS instance and see if FusionAuth fails.

You can also look for a line in the startup log file that looks like this:

fusionauth_1 | 2021-02-02 9:23:53.070 PM INFO com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://db:5432/fusionauth]

This line is connecting to a local postgresql database, but you should see the configuration value pointing to the RDS hostname in yours.

So I just finished writing up an SSO document (not yet published, in review) and SSO and refresh tokens are orthogonal. Refresh tokens are used when you have a client who wants to get a new JWT, and SSO is used to transparently log a user in when you are using the hosted login pages.

So I wouldn't worry about the refresh token appearing or disappearing.

... handling SSO in my application but looks like my SSO session is dropped after some short time ~1h, but Session timeout for the tenant is set to 10 days

What does the fusionauth.sso cookie have for the maxage/expires value?

Does this happen regularly, or intermittently? It looks like some kind of SSL issue from the stacktrace, but I'm afraid I don't have any experience with this configuration.

Another troubleshooting approach would be removing components to see if that changed the behavior.

Or you could also search for interactions between Hikari (the java connection pooling system FusionAuth uses) and haproxy.

Sorry I don't have a better answer for you. Please let us know what you end up finding out!

Can you please provide more details?

What you are trying to do? A step by step explanation would be really helpful for anyone trying to understand what problem you ran into.

Thanks,
Dan

@robertom

I'm not quite sure how to answer your question without more details. If you want to use FusionAuth as an external directory, you could encrypt sensitive data and store it on the user or registration objects. While there is built in support for managing keys you'd have to build the actual encryption logic yourself; you can't mark a user field to be 'extra encrypted' in FusionAuth at this time.

That might be an interesting feature; feel free to file a feature request with more details.

Two ideas:

Does it help to specify the key id when creating your test SymmetricSecurityKey? var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes( "My secret from application config" ) ) { KeyId = "Your Key Id" }; You don't specify which algorithm you're using to sign your tokens. If you're using SymmetricSecurityKey, ensure you're using an symmetric algorithm to sign your tokens.