GTR Filters are not displayed on Connector. One must disable connector, then go into configuration to see configuration.

The chris21 connector will always re-retrieve an updated entity from the repository for attachment handling. The retrieval should be moved entirely within the scope of the attachment handling section to avoid this needless performance hit.

Could someone please tell me, or point me towards, the documentation which tells me the exact requirements for the IdB service account.

Executing an MA attached to a disabled adapter will import the last processed entity count
See screenshot attached

The LDAP engine is unable to process multiple modify requests to a single entity if they occur on the same page. It is simple enough to make the request handler map entity IDs to a list of requests rather than just a single request, but the real problem is merging the changes on the change report (which deals with IConnectorEntitys). Perhaps the effects of the requests should be merged at a level higher than this.

There are currently no known systems that will send requests like this, so this is not urgent.

I have configured the following adapter which references a placeholder PERSON connector, and I am trying to get back an "Orgs" collection using a Relation.Group.dn transformation. The following is my adapter configuration:

        <!-- 000 Person -->
        <AdapterConfiguration BaseConnectorId="{A672CB12-2CA2-498b-8992-EAB883A1FC44}"
              AdapterId="{8291D830-AAA8-4e69-B4E7-AB1C4ABA53E7}"
              AdapterName="Person Adapter"
              class="person" >
          <dn>
            <dnComponent name="Field" key="AccountName" attributeType="UID" />
            <dnComponent name="Constant" value="People" attributeType="OU" />
          </dn>
          <adapterEntityTransformationFactory name="ChainList">
            <adapter name="Relation.Group.dn"
               InputKey ="AccountName"
               RelationshipConnectorId ="{429AE766-0A1F-404a-ACC1-B4804C859146}"
               RelationKey ="UserIDName"
               RelationReference ="subKey"
               GroupTarget="Orgs">
              <dn>
                <dnComponent name="Field" key="Code" attributeType="UID" />
                <dnComponent name="Constant" value="Orgs" attributeType="OU" />
              </dn>
            </adapter>
          </adapterEntityTransformationFactory>
          <image>removed</image>
        </AdapterConfiguration>

The problem I have is that this will return all (distinct) subKey objects associated with the UserIDName derived from an existing claims connector, where I only want to return those where another claims attribute ApplicationName="ESS". Is this possible, and if so how?

Update the agent UI so that the content type setting automatically switches when that agent type setting is changed:

When somebody has a chance, can you please create a 64-bit installer for this?

No rush as x86 works fine, just means I have to copy files which is a bit of a pain

Cheers

I have a requirement to send a password in clear text within the HTTP header (only protection is SSL) when calling the SAP ODATA API. This cannot be in encoded form, so I cannot use the standard approach used say when calling the Exchange API to provision a mailbox. Is there a way that an encoded password can be accessed and decoded from within the Identity Broker configuration itself (e.g. via a $variable), so that it is not exposed to anyone viewing the IdB configuration?

As an alternative to the Exchange style file-based encoding mechanism I am saving the Base64 encoded password to a text file for now, but this is not exactly secure. If the answer to the above is no, and there are any alternatives that you are aware of please advise.

CSO have deployed an Identity Broker for SAS2IDM, which is a custom application (apparently written in-house by CSO?) which does nothing more than consolidate data from 43 school "SAS2000" instances of the same remote SQL database table into a consolidated single database (not sure but I think to separate tables within the same db) ... and at the same time constructing a unique key (school ID concatenated to student ID). This is achieved using a monolithic database view (suspect this is a SQL union).

Given that this tool was built (it seems) prior to UNIFY's engagement (some time after March 2011) to build the Identity Broker for SAS2IDM (CA November 2011 - although Shane Lim may have built an earlier version which wasn't used), there appears to be no discussion about how Identity Broker might be used to access each SAS2000 database using 43 separate instances of the same connector schema, and combine them into a single adapter, thereby making the SAS2IDM application redundant. This would be a good thing as it would dramatically simplify the architecture.

The question is this ...

Can such an adapter be built now using the latest 3.0.7 version of the Identity Broker software, using an adapter configuration something like the following:

compositeAdapterConfiguration>
<AdapterEngineCOnfigurations>
<Adapter Configuration BaseConnectorID="1" class="person />
<Adapter Configuration BaseConnectorID="2" class="person />
<Adapter Configuration BaseConnectorID="3" class="person />
...

or would a new transformation(s) need to be developed to support this?

Given that I can think of 2 sites where this requirement would have been considered too (News Ltd before they consolidated on a single HR instance, and an ACT education site somewhere), I expect this concept is not new.

To explain the architectural reason for consolidating 43 connectors into a single adapter like this is so that we have a single FIM MA with a single CS/MV/Portal object, currently managed by 10+10+10 FIM policy objects. If we tried to suggest 43 management agents here, that totally wouldn't fly (43x30=1290 FIM policy objects and a maintenance nightmare).