Identity Broker Forum
Identity Broker for NIM requires a permanent, unique key be specified for associations
I have a question about Identity Broker that relates to the SA Water Project I am currently working on. This is probably a question which I will need to talk with someone about, but thought I should follow the process and put it in Jira first.
Patrick, I have assigned this to you on the basis of advice from Shane, as you are the Product Group Operations Lead, as per the Jira page on Product Group Support (https://unifysolutions.jira.com/wiki/display/PRDGRP/Support)...
I have a problem with the interaction between Identity Broker and NIM; I am hoping that this is a lack of understanding on my part.
What I need to be able to do is trigger the equivalent of a FIM full import. The mechanism for doing this within NIM is called a "migrate from connected system". This fails within NIM with the error message: "Not enough information to migrate instance xxx"
To achieve the same result, I think one of the following two options may work:
1. If I was able to specify which attribute in the Adapter is used as the Unique Key provided to NIM (if I could specify the detnumber from CHRIS21 as the key that would be great); this is currently a DN which changes when you "Clear all connectors". This causes a problem in NIM because it makes every record seem like an entirely new "person" until it attempts to match the record; then the matched record thinks it has a different matching record from CHRIS21 and throws an error in NIM.
2. Or, is it possible to specify that all records in the adapter space are "new" whilst keeping the previous DN. I think this would be similar to clearing all associated changes records in the entity repository without generating a new DN for the record in the adapter space...
IdB NIM - Updates from Identity Broker not Presented to NIM
This is a continuation of the CIT / SSICT implementation.
Updates pushed into Identity Broker from FIM aren't presented to NIM as updates.
Here is an extract of the NIM DirXML logs that shows the error message:
5/06/2012 15:04:36.12v: 0 CIT Driver L3 PT:UnifyPublicationShim: polling
5/06/2012 15:04:36.12v: 0 CIT Driver L3 PT:UnifyPublicationShim: createWebServiceInterface: URL: http://192.168.16.230:59990/IdentityBroker/NIMDriver.svc?wsdl
5/06/2012 15:04:36.12v: 0 CIT Driver L3 PT:UnifyPublicationShim: createWebServiceInterface: Creating service
5/06/2012 15:04:36.13v: 0 CIT Driver L3 PT:UnifyPublicationShim: createWebServiceInterface: Creating interface
5/06/2012 15:04:36.14v: 0 CIT Driver L3 PT:UnifyPublicationShim: createWebServiceInterface: Returning port
5/06/2012 15:04:36.69v: 0 CIT Driver L3 PT:UnifyPublicationShim: javax.xml.ws.soap.SOAPFaultException: Specified method is not supported.
ModifyExport-2012-06-06.xml
NewExport-2012-06-06.xml
Unify.Adapters.NovellIdentityManagerAdapter.zip
SA Water - Subscriber Errors; Automated Flows from NIM to Identity Broker
It seems that an operation called "Merge Attributes" doesn't follow all of the same rules in the driver in Novell Identity Manager.
I am seeing that when such an operation occurs (after an update to NIM) the subsequent update sent to Identity Broker fails. I have no idea why the merge operation behaves differently. If I change an attribute (such as email address) in eDirectory, the update flows and Identity Broker returns success (excerpt of trace at end).
Please note there is no point trying to correlate these errors by using the date/timestamp as the NIM server keeps on randomly assigning itself a new time... I can reproduce these errors (& successful transactions) though.
Here are the errors (warnings actually) that appear in the Identity Broker Console:
Timestamp Severity Source Module Message
26/07/2011 4:16:44 AM Warning An entity failed validation. Adapter The entity 5887c669-9f2c-4dfc-b507-009585afb47e on connector 34b83581-377c-41b5-afb9-2a705076285f failed validation 1 times for the following reasons: detnumber is a required field and is not present.
26/07/2011 4:16:44 AM Warning Adapter request to save entity to adapter space failed. Adapter "Adapter request to save entity 5887c669-9f2c-4dfc-b507-009585afb47e to adapter space 53e85508-7648-409c-bd3a-0737028eba29 failed with reason 1 items failed schema validation during Adapter operation. Check log for validation errors.. Duration: 00:00:00
Error details:
Unify.Framework.AdapterSchemaException: 1 items failed schema validation during Adapter operation. Check log for validation errors.
at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Adapters.NovellIdentityManagerIdentityBrokerDriverAdapter.PerformSubscribeModifyAction(XElement actionNode, IAdapter adapter)"
Here is what I believe to be the relevant portion of the NIM Trace File:
26/07/2011 14:17:18.05v: 0 CHRIS21-IdB L3 PT:Performing operation modify for \SAWWFT\RES\Users\User\JAMYBSM1.
26/07/2011 14:17:18.05v: 0 CHRIS21-IdB L3 PT:Modifying entry \SAWWFT\RES\Users\User\JAMYBSM1.
26/07/2011 14:17:18.15v: 0 CHRIS21-IdB L3 PT:Scheduling update of application with eDirectory values.
26/07/2011 14:17:18.15v: 0 CHRIS21-IdB L3 PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="5" from-merge="true" qualified-src-dn="O=RES\OU=Users\OU=User\CN=JAMYBSM1" src-dn="\SAWWFT\RES\Users\User\JAMYBSM1" src-entry-id="36598">
<association>MYBSM1</association>
<modify-attr attr-name="mobile">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Facsimile Telephone Number">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Internet EMail Address">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="Telephone Number">
<remove-all-values/>
</modify-attr>
</modify>
</input>
</nds>
> Some irrelevant detail removed from here
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:UnifySubscriptionShim: execute end
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:SubscriptionShim.execute() returned:
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:
<nds dtdversion="1.0" ndsversion="8.5">
<output>
<response event-id="1" level="error">
Unify.Framework.AdapterSchemaException: 1 items failed schema validation during Adapter operation. Check log for validation errors.
at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Adapters.NovellIdentityManagerIdentityBrokerDriverAdapter.PerformSubscribeModifyAction(XElement actionNode, IAdapter adapter)
</response>
</output>
</nds>
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:Applying input transformation policies.
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:Applying policy: Read All Attributes.
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST: Applying to response #1.
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:Policy returned:
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:
<nds dtdversion="1.0" ndsversion="8.5">
<output>
<response event-id="1" level="error">
Unify.Framework.AdapterSchemaException: 1 items failed schema validation during Adapter operation. Check log for validation errors.
at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Adapters.NovellIdentityManagerIdentityBrokerDriverAdapter.PerformSubscribeModifyAction(XElement actionNode, IAdapter adapter)
</response>
</output>
</nds>
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:Applying schema mapping policies to input.
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:Applying policy: CHRISMappingRules.
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:Resolving association references.
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:Processing returned document.
26/07/2011 14:17:19.60v: 0 CHRIS21-IdB L3 ST:Processing operation <response>
for .
Here is what the trace looks like for a successful transaction:
17/05/2011 15:38:56.17v: 0 Level 3 Chris21 ST:Start transaction.
17/05/2011 15:38:56.17v: 0 Level 3 Chris21 ST:Processing events for transaction.
17/05/2011 15:38:56.17v: 0 Level 3 Chris21 ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20110517053856.135Z" class-name="User" event-id="W2K3-R2-001-NDS#20110517053856#1#1" qualified-src-dn="O=RES\OU=Users\OU=User\CN=AM102983" src-dn="\SAWWFT\RES\Users\User\AM102983" src-entry-id="38266" timestamp="1305610736#1">
<association state="associated">f3b39b95-57ce-40b9-a5bd-f89dcc7d9aed</association>
<modify-attr attr-name="Internet EMail Address">
<add-value>
<value timestamp="1305610736#1" type="string">totally@amazing@sawater.sa.gov.au</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
17/05/2011 15:38:56.22v: 0 Level 3 Chris21 ST:Applying event transformation policies.
17/05/2011 15:38:56.22v: 0 Level 3 Chris21 ST:Applying policy: Updates to Chris.
17/05/2011 15:38:56.22v: 0 Level 3 Chris21 ST: Applying to modify #1.
17/05/2011 15:38:56.22v: 0 Level 3 Chris21 ST:Policy returned:
17/05/2011 15:38:56.22v: 0 Level 3 Chris21 ST:
> some repeated stuff removed from here
17/05/2011 15:38:56.22v: 0 Level 3 Chris21 ST:Applying policy: Event Transformation.
17/05/2011 15:38:56.22v: 0 Level 3 Chris21 ST: Applying to modify #1.
17/05/2011 15:38:56.22v: 0 Level 3 Chris21 ST: Evaluating selection criteria for rule 'Veto all other changes'.
17/05/2011 15:38:56.22v: 0 Level 3 Chris21 ST: (if-class-name equal "User") = TRUE.
17/05/2011 15:38:56.25v: 0 Level 3 Chris21 ST: (if-association not-associated) = FALSE.
17/05/2011 15:38:56.25v: 0 Level 3 Chris21 ST: Rule rejected.
17/05/2011 15:38:56.25v: 0 Level 3 Chris21 ST:Policy returned:
17/05/2011 15:38:56.25v: 0 Level 3 Chris21 ST:
> some stuff repeated removed from here
17/05/2011 15:38:56.25v: 0 Level 3 Chris21 ST:Subscriber processing modify for \SAWWFT\RES\Users\User\AM102983.
17/05/2011 15:38:56.25v: 0 Level 3 Chris21 ST:No command transformation policies.
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:Filtering out notification-only attributes.
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:Fixing up association references.
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:Applying schema mapping policies to output.
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:Applying policy: CHRISMappingRules.
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST: Mapping attr-name 'Internet EMail Address' to 'CC-Email'.
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST: Mapping class-name 'User' to 'person'.
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:No output transformation policies.
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:Submitting document to subscriber shim:
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:
> some stuff repeated removed from here
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:UnifySubscriptionShim: execute start
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:UnifySubscriptionShim: createWebServiceInterface: URL: http://192.168.0.230:59990/IdentityBroker/NIMDriver.svc?wsdl
17/05/2011 15:38:56.26v: 0 Level 3 Chris21 ST:UnifySubscriptionShim: createWebServiceInterface: Creating service
17/05/2011 15:38:56.32v: 0 Level 3 Chris21 ST:UnifySubscriptionShim: createWebServiceInterface: Creating interface
17/05/2011 15:38:56.34v: 0 Level 3 Chris21 ST:UnifySubscriptionShim: createWebServiceInterface: Returning port
17/05/2011 15:38:56.71v: 0 Level 3 Chris21 PT:UnifyPublicationShim: polling
17/05/2011 15:38:56.71v: 0 Level 3 Chris21 PT:UnifyPublicationShim: createWebServiceInterface: URL: http://192.168.0.230:59990/IdentityBroker/NIMDriver.svc?wsdl
17/05/2011 15:38:56.71v: 0 Level 3 Chris21 PT:UnifyPublicationShim: createWebServiceInterface: Creating service
17/05/2011 15:38:56.89v: 0 Level 3 Chris21 PT:UnifyPublicationShim: createWebServiceInterface: Creating interface
17/05/2011 15:38:56.91v: 0 Level 3 Chris21 PT:UnifyPublicationShim: createWebServiceInterface: Returning port
17/05/2011 15:39:00.48v: 0 Level 3 Chris21 ST:UnifySubscriptionShim: execute end
17/05/2011 15:39:00.48v: 0 Level 3 Chris21 ST:SubscriptionShim.execute() returned:
17/05/2011 15:39:00.48v: 0 Level 3 Chris21 ST:
<nds dtdversion="1.0" ndsversion="8.5">
<output>
<response event-id="W2K3-R2-001-NDS#20110517053856#1#1" level="success"/>
</output>
</nds>
Update NIM to return entity key instead of id
PJ: When new entities are created, the entity id is being returned to NIM but should be updated to return the key.
Unify.Adapters.NovellIdentityManagerAdapter.zip
CIT Identity Broker should NOT return update from NIM back to NIM as ADD
This issue relates to another situation whereby the expected response from a connected system is different for Novell Identity Manager (NIM) than for FIM.
Here is the process that currently occurs at CIT:
1. A new record for a person is created in eDirectory at CIT
2. The NIM driver for Identity Broker sends the new record to IdB
3. IdB acknowledges the new record to NIM and sends back the unique number to use to associate that record
4. On next poll of IdB by NIM, IdB sends the new record from item 1 as an ADD
5. NIM processes the record as an add
6. During the ADD processing NIM identifies that it already has a record for that person & changes the add to a modify
7. NIM processing continues to process data from the record as a modify, potentially sending updates to other connected systems
Here is the process that NIM would expect to see:
1. A new record for a person is created in eDirectory at CIT
2. The NIM driver for Identity Broker sends the new record to IdB
3. IdB acknowledges the new record to NIM and sends back the unique number to use to associate that record
4. On next poll of IdB by NIM, IdB does NOT send any information back to NIM; the new record will appear in IdB as a complete record but is not passed to NIM as an update.
I.e. because NIM uses the acknowledgement from IdB as an indication that the record was received by the connected system, it doesn't need the ADD to be sent back; when the ADD from IdB is seen by NIM it thinks that it is an actual add for that person... I realise that FIM does require the new record to be seen as an add, however NIM does not.
In summary here is what I would like to see: If an add / modify is sent by NIM to IdB, that should NOT be presented back to NIM as an add / modify; it should just update IdB and IdB should effectively consider that the add / modify has already been sent to NIM.
NIM 3075 patch.zip
ST-FullTransaction-2012-05-09.xml
Identity Broker for chris21 errors when attempting to write to fax attribute
Here is an error I am getting when I attempt to write the fax attribute (alttele) to CHRIS21... I think this is the same error reflected twice.
Identity Broker Errors:
Timestamp Severity Source Module Message
26/07/2011 3:26:26 PM Warning Save entities to connector failed. Connector "Save entities Count:1 to connector Chris21 Person Connector failed with reason GTR result has an invalid status=""fail"" attribute.
Chris21 GTR returned no additional error messages.. Duration: 00:00:00.1552735
Error details:
System.IO.InvalidDataException: GTR result has an invalid status=""fail"" attribute.
Chris21 GTR returned no additional error messages.
at Unify.Framework.Chris21GtrWorker.CheckStatusAttribute(IChris21GtrCommandLine chris21GtrCommandLine)
at Unify.Framework.Chris21GtrWorker.CheckUpdateResult(IChris21GtrRecord updateResultRecord)
at Unify.Communicators.Chris21GtrCommunicatorBase.Update(IChris21GtrEntity entity)
at Unify.Connectors.Chris21GtrConnectorBase`1.SaveEntity(IConnectorEntity entity)
at Unify.Connectors.Chris21GtrConnectorBase`1.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.ConnectorToWritingConnectorBridge.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.EventNotifierWritingConnectorDecorator.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Adapters.NovellIdentityManagerIdentityBrokerDriverAdapter.PerformSubscribeModifyAction(XElement actionNode, IAdapter adapter)"
Timestamp Severity Source Module Message
26/07/2011 3:26:26 PM Warning Adapter request to save entity to adapter space failed. Adapter "Adapter request to save entity bb2a8727-836e-4c78-a7e0-8871b03367a9 to adapter space 53e85508-7648-409c-bd3a-0737028eba29 failed with reason GTR result has an invalid status=""fail"" attribute.
Chris21 GTR returned no additional error messages.. Duration: 00:00:00.3388672
Error details:
System.IO.InvalidDataException: GTR result has an invalid status=""fail"" attribute.
Chris21 GTR returned no additional error messages.
at Unify.Framework.Chris21GtrWorker.CheckStatusAttribute(IChris21GtrCommandLine chris21GtrCommandLine)
at Unify.Framework.Chris21GtrWorker.CheckUpdateResult(IChris21GtrRecord updateResultRecord)
at Unify.Communicators.Chris21GtrCommunicatorBase.Update(IChris21GtrEntity entity)
at Unify.Connectors.Chris21GtrConnectorBase`1.SaveEntity(IConnectorEntity entity)
at Unify.Connectors.Chris21GtrConnectorBase`1.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.ConnectorToWritingConnectorBridge.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.EventNotifierWritingConnectorDecorator.SaveEntities(IEnumerable`1 entities)
at Unify.Framework.Adapter.SaveEntities(IEnumerable`1 entities, Boolean reflect)
at Unify.Framework.Adapter.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Framework.AdapterNotifierDecorator.SaveEntity(IAdapterEntity entity, Boolean reflect)
at Unify.Adapters.NovellIdentityManagerIdentityBrokerDriverAdapter.PerformSubscribeModifyAction(XElement actionNode, IAdapter adapter)"
FaxNumberConvertPolicy.xml