Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

Under review

Change Polling sometimes doesn't run when there are pending changes

Occasionally Change Polling won't start, even though there are pending sync changes showing.  Running a Baseline Sync clears the issue and subsequent changes make Change Polling work normally, so the workaround is to always have periodic Baseline Syncs scheduled in the solution.

Sadly, I have no idea what causes this or how to replicate it so it is likely to be quite difficult to track down.


Button to run a Scheduled Job

Adrian Corston 1 year ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 12 months ago 1

I'd like a button for each Scheduled Job that manually runs it when clicked.


Unicode support in the CSV connector

I have Unicode data in a locker field, sourced from a PowerShell connector, which looks file in the UNIFYBroker UI:

Image 6404

However when I export it to a CSV connector, the non-latin1 character doesn't appear to be correct:

Image 6405

(viewed using Notepad++)

Does the CSV connector support Unicode characters?

Not a bug

UNIFYBroker API cannot access the log file because it is being used by another process

Adrian Corston 1 year ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 5 months ago 2

In UNIFYConnect when attempting to retrieve a log file via the API it usually works fine but once I saw this error.  This is a very low priority issue for me.

20221214,20:00:16,UNIFYBroker,SyncEngine,Information,"Request to baseline synchronize link completed.
Request to queue a baseline synchronization job for the 'Employee > AD User' link completed. Duration: 00:00:12.2592180",Normal
20221214,20:00:19,UNIFYBroker,Logging engine,Warning,"Request to download log file.
Request to download log file for 12/14/2022 failed with message The process cannot access the file 'C:\app\Services\Logs\UnifyLog20221214.csv' because it is being used by another process.. Duration: 00:00:00.1899900
Error details:
System.IO.IOException: The process cannot access the file 'C:\app\Services\Logs\UnifyLog20221214.csv' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at Unify.Framework.Logging.CsvLogReaderWriter.DownloadLogFile(DateTime date)
at Unify.Framework.Logging.LoggingEngine`1.DownloadLogFile(DateTime date)
at Unify.Framework.Notification.NotifierDecoratorBase.Notify[TResult](ITaskNotificationFactory notificationFactory, Func`1 function)
at Unify.Framework.Logging.LoggingEngineNotifierDecorator.DownloadLogFile(DateTime date)
at Unify.Framework.Logging.LoggingController.DownloadLogFile(Int32 year, Int32 month, Int32 day)
at lambda_method(Closure , Object , Object[] )
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.b__9(Object instance, Object[] methodParameters)
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.AuthorizationFilterAttribute.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()",Normal

Adrian Corston 5 months ago

Just found a second occurrence; it may be happening when two or more log retrieval API calls are invoked simultaneously.  I have updated my implementation to not do that.

Won't fix

Entities keep reprovisioning for Simple Join Resolution links

Adrian Corston 1 year ago in UNIFYBroker/Plus updated 1 year ago 5

Using a link with Simple Join Resolution I see the same target entity being re-provisioned every time the Baseline Sync runs.

Image 6400

Image 6401

The problem continues until the duplicate detection algorithm fails to generate unique values for key fields like CN.

I'll put environment details and logs in the next comment.


Rebuild Aurion connector mapping table after report schema update

After an Aurion report is modified and Request Schema is run, the Schema attribute<->Mapping element table isn't updated.  It's not possible to add mappings for any new fields, and old fields remain in the table, which is confusing.

When a Request Schema is run, non-existant report field mappings should be removed, and any currently missing ones should be added.


UNIFYBroker/Plus attempting to join source to incorrect target

Adrian Corston 1 year ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 1 year ago 5

Log says:

20221129,21:30:25,UNIFYBroker,Link,Error,"Request to sync changes on link failed.  Request to sync changes on link Employee > AD User (ad53013b-b271-4ed6-a959-dc11aeaa5eca) in direction outgoing failed with message Source entity '0b5d5a72-fd60-4777-b1ef-f1d4a035c87d' cannot be joined to ambiguous join targets: [391e6395-a3c2-424c-9799-30a98508ac1f, 5a6e4486-75f8-4487-ab8f-4eeccf06a524]. Cannot proceed with join. [Count:4321]. Duration: 00:00:04.5645340

Link join criteria is:

Image 6392

Source entity is:

Image 6393

Target entities are:

Image 6394

Image 6395

Why would an attempt to join to 5a6e4486-75f8-4487-ab8f-4eeccf06a524 be happening, given it doesn't match the join criteria?


The root cause of this was staff from the customer's outsourced IT department updating employeeID values wrongly, in contravention of documented processes.

Please close this ticket and mark 'not a bug'.

Under review

Join calculation for source entity cannot be completed due to an invalid connection state. Reason: Source entity has multiple connections.

Adrian Corston 1 year ago in UNIFYBroker/Plus updated 1 year ago 3

After the customer remediated duplicate employee IDs in AD, UNIFYBroker is still unable to correctly join and process links.  The error message has changed to:

Synchronization job failed syncing 4322 changes on the 'Employee > AD User' link from the adapter to locker with the reason Join calculation for source entity 'e892faf3-5c17-4e9c-9be9-f9ee33cc68fe' cannot be completed due to an invalid connection state. Reason: Source entity has multiple connections.. Job ID: bf3c52ec-49a2-4655-8f00-360a6ffce78c Duration: 00:00:04.2503352

I'll attach the email thread with the customer that provides background to the next message.


Identifying previously denied entities in UNIFYBroker/Plus post-provisioning and synchronisation tasks

Adrian Corston 1 year ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 1 year ago 2

Entities that have been pushed onto $denySync in an link's pre-provisioning task may need to be excluded from certain operations in the synchronisation and post-provisioning tasks.  For example, if an AD user has not been excluded from provisioning then an attempt to assign birthright AD groups will always fail, and should not be performed.

If would be helpful if there was some mechanism (e.g. a $denySync.ContainsEntity($Entity) method which returns $True if the entity has been .Push()ed previously) to allow detection of this situation.

The current workaround is to duplicate/copy the code from the pre-provisioning task which determines when to add the entity to $denySync into the post-provisioning and/or synchronisation task.

Under review

HPRM Trim associations connector failing to import

Hayden Gray 1 year ago in UNIFYBroker/Micro Focus Content Manager updated 1 year ago 9

I am currently experiencing issues importing with a trim associations connector, I believe its the same as The issue in particular is a timeout issue generating the below error. I don't recall a time when this connector was ever working as it has been misconfigured in the past. Please note other location connectors work fine and the agent connector successfully.

Image 6374

Some issue we had in the past, were this connector appeared to be mapped to the "location" connector and has since been update to the "associations".

Image 6375

Thinking something that was possibly incorrect with this config, I tried creating a new connector from scratch and the xml generated is the following, which appears to be the wrong connector type.

Image 6376

Apologies for the images instead of copy/paste, I cannot easily get the config out of the environment. Let me know if you need more information.

Currently running UNIFYBroker 5.3.3

HP TRIM connector