Not a bug

Identity Broker v5 not listed when creating the agent in EB 3.2.1 #3

Carol Wapshere 1 year ago • updated by anonymous 1 year ago 9

Only choices are 3.0, 4.0 and 4.1. I tried 4.1 but it fails because it needs a username and password to be specified.

Not a bug

There is no username/password on either the server or client for the Identity Broker check changes operation. If you are referring to the LDAP endpoint, this isn't yet used in MIM Event Broker.

So how do I do an IdB check operation? I can't create one without creating the agent, and the agent doesn't list my version of IdB.

It's v4.1+ (via the WCF endpoint). The label has been updated in MIM Event Broker v4.0 which is awaiting release. See https://unifysolutions.jira.com/wiki/display/EB32/Identity+Broker

The error is actually "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate'."

The WCF binding needs to match on the server and client.

I don't know what that means

See the earlier linked documentation for the agent; it describes what configuration I'm referring to. The rest is a configuration exercise to get the binding right for the environment.

I'm still not getting what it is I'm missing. Both IdB and EB are installed on the same server, default settings, should be nothing "environmental" to it. I already reviewed that page and the config section is already in the Unify.Service.Event.exe.config file. All endpoint addresses are set to localhost.

Answer

Hi Carol,

Note that in your Unify.Service.Event.exe.config file, the security element of the binding element is set to

<security mode="None">
  <transport clientCredentialType="None" proxyCredentialType="None"
      realm="" />
  <message clientCredentialType="UserName" algorithmSuite="Default" />
</security>

but in your Unify.Service.Connect.exe.config file, it is set to

<security mode="TransportCredentialOnly">
  <transport clientCredentialType="Windows"/>
</security>

You will need to update one or the other to match. I would suggest changing the Event Broker configuration to match Identity Broker.
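
The mismatch described in the answer above can be checked mechanically by comparing the effective security settings of the same binding in both config files. The following is an added example, not part of the original thread or of the product's code: it reads the `<security>` element of each basicHttpBinding and reports the HTTP authentication scheme each side ends up using, which is what the 'Anonymous' versus 'Negotiate' error reflects. It assumes basicHttpBinding (the binding type that offers TransportCredentialOnly); the binding name `IdBChanges` and the wrapper XML are constructed, and only the `<security>` elements come from the thread.

```python
import xml.etree.ElementTree as ET

# HTTP auth scheme WCF uses for each transport clientCredentialType.
SCHEME = {"None": "Anonymous", "Basic": "Basic", "Digest": "Digest",
          "Ntlm": "Ntlm", "Windows": "Negotiate"}
# basicHttpBinding modes in which the <transport> element is honoured.
TRANSPORT_MODES = {"Transport", "TransportCredentialOnly"}

def effective_security(config_xml):
    """Map each basicHttpBinding name to its (mode, HTTP auth scheme)."""
    found = {}
    for group in ET.fromstring(config_xml).iter("basicHttpBinding"):
        for binding in group.findall("binding"):
            sec = binding.find("security")
            mode = sec.get("mode", "None") if sec is not None else "None"
            cred = "None"  # with mode="None" the transport settings are ignored
            if mode in TRANSPORT_MODES and sec.find("transport") is not None:
                cred = sec.find("transport").get("clientCredentialType", "None")
            found[binding.get("name", "")] = (mode, SCHEME.get(cred, cred))
    return found

def check(client_xml, server_xml, name):
    """Compare one binding on both sides; return (matches, explanation)."""
    client = effective_security(client_xml)[name]
    server = effective_security(server_xml)[name]
    if client == server:
        return True, "both sides use mode=%s, scheme %s" % client
    return False, ("client sends '%s' (mode=%s) but server expects '%s' (mode=%s)"
                   % (client[1], client[0], server[1], server[0]))

# Constructed configs: only the <security> elements come from the thread;
# the binding name "IdBChanges" and the surrounding elements are hypothetical.
WRAP = ('<configuration><system.serviceModel><bindings><basicHttpBinding>'
        '<binding name="IdBChanges">%s</binding>'
        '</basicHttpBinding></bindings></system.serviceModel></configuration>')
EVENT_BROKER = WRAP % ('<security mode="None">'
    '<transport clientCredentialType="None" proxyCredentialType="None" realm="" />'
    '<message clientCredentialType="UserName" algorithmSuite="Default" />'
    '</security>')
IDENTITY_BROKER = WRAP % ('<security mode="TransportCredentialOnly">'
    '<transport clientCredentialType="Windows"/></security>')

if __name__ == "__main__":
    print(check(EVENT_BROKER, IDENTITY_BROKER, "IdBChanges"))
    print(check(IDENTITY_BROKER, IDENTITY_BROKER, "IdBChanges"))
```

To run it against real files, pass the contents of Unify.Service.Event.exe.config and Unify.Service.Connect.exe.config as the two XML strings, together with the binding name used there.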