Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Not a bug
Matthew Woolnough 2 months ago in Identity Broker for Aurion • updated 2 months ago 4

Given_Names is included in Schema of the Aurion Connector. I can see the attribute has values in Wireshark packet trace as seen below, but no objects have a value in the attribute in the connector.


<AQT_Output>
  <Employee_Number>546</Employee_Number>
  <Person_Number>546</Person_Number>
  <Surname>Lord</Surname>
  <Given_Names>Dale Brendan</Given_Names>
  <Preferred_Name>Dale</Preferred_Name>
  <Salutation>Mr</Salutation>
  <Person_Type>EMPLOYEE</Person_Type>
  <Employment_Type_Code>CA</Employment_Type_Code>
  <Actual_Position_Number>L42368V</Actual_Position_Number>
  <Actual_Organisation_Unit_Number>426</Actual_Organisation_Unit_Number>
  <Date_Commenced>01-JUL-1999</Date_Commenced>
  <Date_Terminated></Date_Terminated>
  <Contract_Expiry_Date></Contract_Expiry_Date>
  <Leave_Date_From></Leave_Date_From>
  <Leave_Date_To></Leave_Date_To>
  <Leave_Type_Code></Leave_Type_Code>
  <Organisation_Unit_Level_01>APRA Members</Organisation_Unit_Level_01>
  <Organisation_Unit_Level_02>Specialised Institutions</Organisation_Unit_Level_02>
  <Organisation_Unit_Level_03>Sth West-Melb (SID)</Organisation_Unit_Level_03>
  <Primary_Cost_Code>SID310</Primary_Cost_Code>
  <Attendance_Type_Code>FULL</Attendance_Type_Code>
  <Actual_Location_Code>MELB</Actual_Location_Code>
 </AQT_Output>


Answer
anonymous 2 months ago

When you edit your connector settings, does the mapping look like the screenshot here? If so, the problem is that you don't have a GivenNames field in the schema - rename the Given_Names schema field to GivenNames.

0
Answered
Matthew Woolnough 4 months ago in Identity Broker for Aurion • updated by anonymous 3 months ago 5

Client DBA was able to determine that the Aurion position connector actually runs 3 queries in IDB version 3 and 5.  

The first and third are identical but the second script is totally different. 

In version 3, the position appears to be retrieved from "T001F065_ACTUAL_POSITION_NO" whereas in version 5 appears to try to determine position information from "T101F005_POSITION_NO". 

Is it possible to have the position query retrieve data from "T001F065_ACTUAL_POSITION_NO" in IdB 5.x?



Answer
anonymous 3 months ago

OK, It sounds as though there is a misalignment between dev & prod. Will ask them to update the environment.

0
Answered
Matthew Woolnough 4 months ago in Identity Broker for Aurion • updated by anonymous 4 months ago 3

I have chosen not to use mapping on adapters which do not require write back into Aurion as it's much easier to configure.  I am however getting an error when I try to use the Key.   The Key is a required field, but Identity Broker does not recognise this due to the mapping.  Error is below:


Error in adapter Aurion Schedules - Organisation distinguished name configuration: The DN component part 'UID=[OrganisationUnitNumber]' could not be executed as the field OrganisationUnitNumber is not required. An empty field would result in a DN of 'UID='. 

Is it possible to resolve this, or do I need to go back to mapping?





Answer
anonymous 4 months ago

You should be able to just update the field on the connector to be required. Unless it's generated in the target system - in which case you'll need a different DN, e.g. the entity id.

0
Not a bug
Matthew Woolnough 4 months ago in Identity Broker for Aurion • updated by Curtis Lusmore 3 months ago 3

Created a connector for Aurion Positions to match the one if Idb3 & getting a duplicate key error.  I can't see any duplicates in the data when I trace the traffic using Wireshark. 

20170522,22:44:43,UNIFY Identity Broker,Connector,Information,"Request to import all entities from connector.
Request to import all entities from connector Aurion Position.",Normal
20170522,22:44:43,UNIFY Identity Broker,Connector,Information,"Import all entities from connector completed.
Import all entities from connector Aurion Position return 671 entities. Duration: 00:00:00",Normal
20170522,22:44:43,UNIFY Identity Broker,Connector Processor,Information,"Connector Processing started.
Connector Processing started for connector Aurion Position (page 1)",Normal
20170522,22:44:44,UNIFY Identity Broker,Connector Processor,Information,"Connector processing failed.
Connector Processing page 1 for connector Aurion Position failed with reason The key L32190N has been duplicated.. Duration: 00:00:00.2500002. 
Error details:
System.ArgumentException: The key L32190N has been duplicated.
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue`1 arg1)
   at Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashError[TKey,TValue,TOriginal](IEnumerable`1 originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3 duplicateAction)
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, Func`2 retrieveEntities, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, IKnownEntityContextBase`3 context, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<performchangedetection>b__0(IEnumerable`1 page)
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()",Normal
20170522,22:44:44,UNIFY Identity Broker,Change detection engine,Error,"Change detection engine import all items failed.
Change detection engine import all items for connector Aurion Position failed with reason An error occurred while evaluating a task on a worker thread.  See the inner exception details for information.. Duration: 00:00:10.7189045
Error details:
Unify.Framework.EvaluatorVisitorException: An error occurred while evaluating a task on a worker thread.  See the inner exception details for information. ---> System.ArgumentException: The key L32190N has been duplicated.
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue`1 arg1)
   at Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashError[TKey,TValue,TOriginal](IEnumerable`1 originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3 duplicateAction)
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, Func`2 retrieveEntities, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, IKnownEntityContextBase`3 context, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<performchangedetection>b__0(IEnumerable`1 page)
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
   --- End of inner exception stack trace ---
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.CheckForException()
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.WaitForCompletedThreads()
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
   at Unify.Framework.Visitor.VisitEvaluateOnThreadPool[T](IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
   at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
   at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
   at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
   at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<run>b__0()
   at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal</run></performchangedetection></performchangedetection>


Answer
Curtis Lusmore 3 months ago

The data retrieved by SOAPUI contains 2 positions with the same code as per the error in 5.1.

Has the handling of this scenario in IdB changed? I'm interested to know why 3.1 does not throw an error. 


0
Answered
Matthew Woolnough 4 months ago in Identity Broker for Aurion • updated 4 months ago 7

Using Aurion connectors, I have 4 types:

  • Schedule
  • Security User
  • Person
  • Generic

If I use Security User as an example, immediately after creating the connector I get the error "Aurion connectors require Query Mappings to be configured for imports to successfully complete. Please reconfigure this connector to update the Query Mappings."

1) If I use the "default Security User schema", an incorrect schema is created and I need to guess the correct attribute names.

If I use the "query fields" option, the correct names are created & have the option to do mapping in the connector which is very time consuming, or I can have the adapter do it automatically. 

2) Is it necessary/advisable to do this mapping in the connector?




Answer
anonymous 4 months ago

The default schema allows the fields to be exported to, they are the names that are required for the API to work. Due to a mismatch in Aurion (and the ability to rename fields in the query tool), there needs to be a mechanism to map between the differently named fields.

The default schema should be used for the connectors that have one. Then use the mapping tool to map between these field names and those that are returned by the query (or the query schema provider).

0
Answered
Carol Wapshere 6 months ago in Identity Broker for Aurion • updated 5 months ago 17

I need some help troubleshooting an issue exporting updates to Aurion Security Users.

- The IdB connector is using the standard Aurion Security User connector.

- The adapter connects only to the connector - no joins or transformations.

- When I try to export from MIM I see "cd-error" on all exports - but there is no message.

- There is nothing in the IdB logs about this adapter at all - it's like it isn't even getting that far.

- I can refresh the MA schema, I have also cleared the connector space and re-imported from IdB - so I know connectivity to IdB is fine.

I have tried enabling Verbose logging and an IdB trace (sent separately). I'm looking for suggestions about how else I can troubleshoot this.

Answer
Curtis Lusmore 5 months ago

Resolved by switching the adapter DN template to UID=@IdBID

0
Declined
Carol Wapshere 6 months ago in Identity Broker for Aurion • updated by anonymous 6 months ago 12

Question on whether we can make the Aurion connector more resilient to a specific issue I'm seeing where Aurion will repeatedly send all report data twice. It sends the full set of output between <DocumentRoot> and </DocumentRoot>, then starts all over again, this time skipping the opening <DocumentRoot> tag but still terminating with a final </DocumentRoot>.

The problem is definitely on the Aurion side and the customer has raised a support ticket - but at the same time perhaps we can make IdB a bit more resilient? If it ignored everything after the first </DocumentRoot> we'd be ok here. If there's a good reason why we can't do that then that's ok - I just want to be able to explain to the customer.

Answer
anonymous 6 months ago

Looks like fields are missing including the most important - Person_Number!

0
Answered
Carol Wapshere 7 months ago in Identity Broker for Aurion • updated by Beau Harrison 7 months ago 13

Aurion is giving me multiple security records per person. I have been told the only way to select the correct record is to go for the one where "Clearance Date To" is NULL. How do I do this in IdB 5?

Answer
anonymous 7 months ago

The Aurion query tool should allow you to do this (Filters). Otherwise select a key that provides uniqueness and use the available transformations or solution code to select the correct record.

0
Answered
Eddie Kirkman 7 months ago in Identity Broker for Aurion • updated by anonymous 7 months ago 1

Quick question about the way IdB deals with duplicates and whether there are any other options. Customer has reported that their Aurion security connector is failing during processing because there is a duplicate record with the same key (PersonNumber). They have asked be how we should deal with this - I think my only answer is to advise them that their HR department needs to ensure they maintain uniqueness for PersonNumber in Aurion, but I just wondered if there are any other suggestions or ways to manage this sort of thing.

Answer
anonymous 7 months ago

Hi Eddie,

As with all connectors, uniqueness in the key is required. The options are to clean up data; find a key that is unique (e.g. User); or make use of a composite key.

Thanks.

0
Eddie Kirkman 8 months ago in Identity Broker for Aurion • updated by anonymous 8 months ago 3

My Aurion connectors are giving errors - I suspect a network / timeout issue. Is that just a matter of increasing the timeout for the agent (or getting a better network)?

Change detection engine import all items failed.

Change detection engine import all items for connector XXXXXX Security failed with reason Unable to connect to the remote server. Duration: 00:00:21.0082077

Error details:

System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xxx.xxx.xxx.xxx:443

at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)

at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)

--- End of inner exception stack trace ---