MFA Authentication for the API Connector User

Hi Team,
We have some customers. They have their own database where user information and passwords will be stored.
For those users, the customer has exposed the API for authentication.
The exposed API we added as an API connector in FusionAuth.
For this kind of user, we want to provide the MFA.
Please suggest a solution for this.

fusion Auth Version 1.35.0

Fusion Auth is not working

Command

. { iwr -useb https://raw.githubusercontent.com/FusionAuth/fusionauth-install/master/install.ps1 } | iex; install
After Installation and running the following command
.\fusionauth\bin\startup.bat

This is Output Window is coming
NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
2022-03-22 5:40:42.310 PM WARNING org.apache.tomcat.util.digester.Digester - [SetPropertiesRule]{Server} Setting property 'port' to '${fusionauth-app.management.port}' did not find a matching property.
2022-03-22 5:40:42.368 PM WARNING org.apache.tomcat.util.digester.Digester - [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'port' to '${fusionauth-app.http.port}' did not find a matching property.
2022-03-22 5:40:42.369 PM WARNING org.apache.tomcat.util.digester.Digester - [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'redirectPort' to '${fusionauth-app.https.port}' did not find a matching property.
2022-03-22 5:40:42.374 PM WARNING org.apache.tomcat.util.digester.Digester - [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'port' to '${fusionauth-app.https.port}' did not find a matching property.
2022-03-22 5:40:42.390 PM WARNING org.apache.tomcat.util.digester.Digester - [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'port' to '${fusionauth-app.ajp.port}' did not find a matching property.
2022-03-22 5:40:42.463 PM INFO org.apache.catalina.core.AprLifecycleListener - The Apache Tomcat Native library which allows using OpenSSL was not found on the java.library.path: [D:\userauth3\fusionauth\java\jdk-17.0.1+12\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn;C:\Program Files\dotnet;C:\Program Files\Microsoft SQL Server\130\Tools\Binn;C:\Program Files\Microsoft\Azure Functions Core Tools;C:\Program Files\nodejs;C:\Program Files\Git\cmd;C:\Users\hanumant.sidraya\AppData\Roaming\npm;C:\Program Files\Microsoft\Web Platform Installer;C:\Program Files (x86)\dotnet;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn;D:\JMeter\bin;%JAVA_HOME%\bin;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn;C:\Program Files\Azure Data Studio\bin;C:\Program Files\Java\jdk-16\bin;C:\Users\hanumant.sidraya\AppData\Local\Programs\Microsoft VS Code\bin;C:\Users\hanumant.sidraya.dotnet\tools;C:\Users\hanumant.sidraya\AppData\Roaming\npm;C:\Program Files\mongosh;.]
2022-03-22 5:40:42.671 PM INFO org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-auto-1"]
2022-03-22 5:40:42.751 PM INFO org.apache.tomcat.util.net.NioSelectorPool - Using a shared selector for servlet write/read
2022-03-22 5:40:42.759 PM INFO org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["https-jsse-nio-auto-2"]
2022-03-22 5:40:42.887 PM INFO org.apache.tomcat.util.net.NioSelectorPool - Using a shared selector for servlet write/read
2022-03-22 5:40:42.889 PM INFO org.apache.coyote.ajp.AjpNioProtocol - Initializing ProtocolHandler ["ajp-nio-127.0.0.1-auto-3"]
2022-03-22 5:40:42.905 PM INFO org.apache.tomcat.util.net.NioSelectorPool - Using a shared selector for servlet write/read
2022-03-22 5:40:42.907 PM INFO org.apache.catalina.startup.Catalina - Initialization processed in 659 ms
2022-03-22 5:40:42.915 PM INFO org.apache.catalina.core.StandardService - Starting service [Catalina]
2022-03-22 5:40:42.916 PM INFO org.apache.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/8.5.72]
2022-03-22 5:40:44.648 PM INFO org.apache.jasper.servlet.TldScanner - At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
2022-03-22 5:40:45.783 PM SEVERE org.apache.catalina.core.StandardService - Failed to start connector [Connector[HTTP/1.1-auto-1]]
2022-03-22 5:40:45.784 PM SEVERE org.apache.catalina.core.StandardService - Failed to start connector [Connector[HTTP/1.1-auto-2]]
2022-03-22 5:40:45.785 PM SEVERE org.apache.catalina.core.StandardService - Failed to start connector [Connector[AJP/1.3-auto-3]]
2022-03-22 5:40:45.788 PM INFO org.apache.catalina.startup.Catalina - Server startup in 2879 ms

After that, I'm not able to access the URL: http://localhost:9011/

Hi All,

• We have configured the connector in the tenant and user migration is disabled.

• Once the user gets authenticated the copy of the user is getting created in the fusion auth.

• If the connector is down users are not getting authenticated as expected its working.

• If the connector is removed from the tenant configuration after that users are getting authenticated.

• This is what we don’t want once the connector is removed all the user data should get cleared from the fusion auth.

• How can we achieve this?

Hi All,
How to enable the MFA for generic connector users.
can we handle genric connector response content?
if yes let me know what all response content need to send

Hello,
Scenario:
user will get authenticated by the connector but the user will not be migrated to fusion AUTH. but we want to use the MFA functionality for these users.
can we able to achieve these through fusion auth?
if it's possible let me know what all steps need to implement.

@joshua Thanks it worked

Hello,
I'm trying to register users using user GUID.

• Configured the LDAP for user authentication
• Created lambda function for LDAP response reading and setting user information
• We want to use LDAP user id to set in Fusion AUTH. objectGUID is configured as the attribute in LDAP configuration

This is the following function we used to convert ObjectGUID to string because ObjectGUID will be the binary.

const hexValue = Buffer.from(objectGUID, 'binary').toString('hex')

  console.log(Buffer.from(objectGUID, 'binary'))  
  console.log(hexValue)
  

  console.log(hexValue.replace(
        /([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{4})([0-9a-f]{10})/,
        '$4$3$2$1-$6$5-$8$7-$9-$10'
    ));

Buffer.from(objectGUID, 'binary') this function is not working in lambda function same peace of code work for normal javascript without any error.
ReferenceError: "Buffer" is not defined in <eval>

Please suggest to me an alternative solution or how to fix this buffer issue.

Thanks
Hanumant