Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
There is already a Test Mode concept but this appears to be limited when it comes to providing a pre-execution reporting mechanism for ANY pending change to a target system.
Existing MIM Best Practice has incorporated this capability for many years, and the equivalent is now required in the Broker+ and UNIFYConnect platforms
In order to support the unit testing requirements for transitioning PS solutions on Broker+ to the UNIFYConnect hosted platform, a test harness is required for all PowerShell transformations.
In my customer's TEST environment they are seeing AD sAMAccountName being updated for existing users where the join criteria are met. The only place where the sAMAccountName is set is in the outgoing pre-provisioning task, which should not be called for existing joined entities.
I have also seen a second confirmation that the task is being called for pre-existing users: the "AD Account Creation" notifications being repeatedly sent for a large number of entities every time a Baseline Sync is performed. The only place where that notification is sent is in that same outgoing pre-provisioning task.
When an adapter entity is deleted any persistent joins remain and block subsequent joins to remediated data.
Steps to reproduce
1. Configure a Link with outbound provisioning and persistent joins configured
2. Import an adapter entity that is intended to join a locker entity, but which is missing its join criteria field value
3. The link will provision a "duplicate" record (thereby creating an internal "Join" for the newly provisioned adapter entity)
4. To clean up the duplicate, delete the SoT for the "duplicate" adapter record and update the "intended" record to have a correct join criteria field value
5. Attempt to join the locker to the newly corrected adapter entity - it fails and re-provisions the "duplicate" record again
I am seeing this familiar error:
(Baseline synchronization failed with the message "Source entity '93fe60b9-05ba-4b92-b167-80738bdad66a' shares a join target with another source entity: '695411ab-e878-4ae2-9e39-f04267ac6767'. Cannot proceed with join.". See logs for more details.)
I can't see why this is the case - the join criteria is on source field 'EmployeeNumber' and those two source entities have different values:
Could you please look at the joins in the database and tell me what's going on internally to see if that sheds light on how this has happened?
The environment has been running for months now, untouched from an administrative perspective.
Because I can see 66 pending incoming updates on that link that aren't being processed it seems like this failure is either (a) blocking all subsequent mappings for that link, or (b) happening for 66 different joins. The customer reported that their upstream changes are not flowing through to AD.
If an adapter has an incomplete entity on a link (i.e. no matching locker entity for the join criteria) then currently UNIFYBroker reports a warning. In many circumstances it would be appropriate to delete the adapter entity in this situation, to ensure the external data source was kept in sync with the locker. Add a configuration flag to enable this functionality.
When a Baseline Sync runs on a link the connector's update export functionality is called to update every entity, even when there are no field value changes. This places an unnecessary load on UNIFYBroker and performs null updates against the external system for no discernible reason, and since UNIFYBroker/Plus is unable to sync any other links while this takes place can result in unnecessary processing delays while the connector is busy effectively doing nothing.
I am seeing: Baseline synchronization failed with the message "Source entity 'b5d56da5-a8af-4088-b98c-4b78a693b093' shares a join target with another source entity: 'fa457ecd-b5a7-4708-886b-747ca82da40a'. Cannot proceed with join.". See logs for more details.
Both source entity have a join field value of NULL, and there are no target entities with a join field value of NULL.
I tried deleting entities and reloading them, but the error remains. The mapping of field values through to other locker entities is not happening, and I would like to know if the join failure is the cause of this.
As the error message says, both of those source entities have the same join target, which may or may not exist until provisioning occurs. If the schema fields you're using can contain nulls and you want the sync to progress I'd recommend adding a Has Value filter on the join fields.
Connection-aware join not persisting for outgoing link when join criteria field value changes - new adapter entity is created and old one is left behind
When a locker's Cloud Group Name field is updated this configuration causes the creation of a new adapter/connector entity. The old adapter/connector entity is retained. After the
The functionality is needed to allow solutions to have changes to entity key/join fields flow through to downstream systems.
In a UNIFYConnect environment I have configured a Bidirectional mapping. For my locker entities there is a value in the field, and in the adapter entity the field is empty. When I run a Baseline Sync the values are not being copied to the adapter entities.
There are no errors in the UNIFYBroker log file.
Customer support service by UserEcho