I'm not sure what is going on, but my guess is that the cookies are shared locally (cookies are shared across ports), which is why things are working.

If you are trying to pass information from when someone logs in to after they are logged in, through the oauth flow, you should look at the state parameter. There's some information on doing that here: https://fusionauth.io/community/forum/topic/165/taking-a-user-directly-to-the-registration-page?_=1610507951768 but I'm not sure how it integrates with whatever library you are using. I'd consult the docs for that lib.

re: #1, please see my answer here: https://fusionauth.io/community/forum/topic/12/can-i-configure-the-inactivity-timeout-of-the-fusionauth-session-cookie?_=1610490171675

re: #2 I forwarded your message on to the team and someone should be reaching out about support options.

Thanks!

Ah, great. Yes, if you are running both the database and FusionAuth, you need more memory. If you are running elasticsearch too, you'll need even more.

@tony

Glad you were able to figure it out. I'm not aware of any other way to access the identity provider id from the response, but that does seem to solve your problem, correct?

Please feel free to file a feature request more clearly outlining your use case and proposed ideal solution.

It looks like the type of audiences is a set of strings, so I wouldn't expect any complex elements.

The docs say that this field is:

[a] list of the audiences for this SAML response. By default, the issuer or audience from the form are used.

This is not super clear to me, so I filed a PR against the docs to make it clearer: https://github.com/FusionAuth/fusionauth-site/pull/376

This looks to be a bug. Tracking here: https://github.com/FusionAuth/fusionauth-issues/issues/1067

Thanks for letting us know.

Hard to know exactly what's going on.

I would try creating another tenant and seeing if the same SMTP settings fail. Then I'd try standing up a version with the very latest FusionAuth version and seeing if you see the same behavior.

Also, do you have the same tenant smtp settings? That is under the "advanced" tab, then "smtp settings".

@dan

Thanks for the reply. It works

How much memory are you giving to the java process?

You can also switch to the database search engine and see if removing ES resolves the issue. At that point it might be a resource issue.

https://fusionauth.io/docs/v1/tech/tutorials/switch-search-engines/ has instructions on how to change these.

For anyone interested I got this running by one installing docker-compose from the actual docker tutorial on how to do it, and then giving docker permission to run commands as root. There is a tutorial on how to do it on. On top of those I moved it to a server with 2gb of ram, as I noticed a few out of memory errors when it was trying to start up.
https://docs.docker.com/engine/install/linux-postinstall/

Hi @daniel-barrett ,

Great question! The short answer is that the TOTP/Google authenticator/authy 2FA will continue to be included in the community edition.

As we're revamping the SMS functionality entirely and making it a whole lot better, when this MFA project is released, using SMS 2FA will require a paid edition license.

Here's a lot more detail.

Please let me know if you have any questions or comments.

Hi @daniel-barrett ,

Sorry for the hassle!

All the hosted login pages that FusionAuth makes available are documented in the themes section.

That Integration Points doc is pretty new, but if you haven't seen it is worth a read. Would love any feedback on that.

You could maintain two user accounts, dan with MFA turned on and dan-api-access with MFA turned off and application tokens. You could then use webhooks to keep their permissions in sync.