Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

  1. Forum: UNIFYBroker Forum
  2. UNIFYBroker/Google Apps
0
Not a bug

Google Groups: External Members email address case mismatch

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 7 years ago 2

I have found issues with differences in case between MIM and Google is causing unnecessary exports. To overcome this I have ensured all email addresses exports are in lowercase, the exports are successful but a subsequent import from Google returns the addresses in the original case.

I have found an anomaly in Google where one view shows the addresses in lowercase and another in mixed case. I suspect that although the email address case changes successfully it is not synchronised everywhere.

Admin Console View

Image 3909

Google Groups View

Image 3910

  • Is there another membership attribute that can be used instead?
  • Is there a transformation that can convert to lowercase (multi-valued field)? MIM cannot do this for confirming imports.
  • Is it possible/appropriate to add an option to the Connector to import all email addresses as lowercase?
Answer
anonymous 7 years ago

No response.

0
Completed

Gmail Settings remove Lables

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 1

Labels is one of the settings available in the GMail API and results in a large amount of data being retuned. As there is not IAM requirement for Labels settings I would recommend it is removed from the Google User/GMail Settings Connector.

Answer
anonymous 8 years ago

Remove any non-required fields from the schema - that way the call won't be made as each of the fields are done as separate calls.

0
Fixed

Google User Settings Connector import failing

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 7 years ago 36

Import is failing for Google User Settings Connector after exactly 1 hour (log entries attached).

Error Google User Settings.txt

Answer
anonymous 7 years ago

No response.

0
Fixed

Failure adding a group as a member of another group in Google Apps

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 1

I am getting the error below when adding a group with other groups as members. I can add the groups to membership manually and the subsequent import imports the membership with the correct DN.

Error Nested Group Members.txt

Image below shows the groups added manually and the one that is failing. The failing group was added manually to confirm it is possible.

Image 3702


Answer
anonymous 8 years ago

There was a difference in how groups were calculated over users. See v5.0.0.2.

0
Answered

Email Address changes in Google Apps

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 6

I am using the email address in the DN and have a requirement to allow accounts to be renamed. There are no other attributes that are suitable for use in the DN.

If I change the email address attribute it will fail (error attached) as it is being used in the DN. I have attempted change the DN however MIM is processing it as an attribute flow instead of a rename (error and screenshot attached).

Error Email Address Change.txt

Error DN and Email Address Change.txt

Answer
anonymous 8 years ago

User rename split out from user update so that it does only what is required. See v5.0.0.2.

0
Fixed

Passwords are not set on Google account creation

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 7 years ago 8

When a new account is created an error is generated in the IdB log and the user is created in Google, however the password has not been set.

Packet Trace: UserCreate.pcap

Log: UnifyLog20170117.csv



Answer
anonymous 7 years ago

Apologies Boyd, I left out a couple of extra DLLs. I just dropped this patch onto a fresh v5.0.5 install to check and the service starts and I'm able to create adapters fine, so hopefully this resolves it for you.

UE2816 Patch 2.zip

0
Fixed

Google User Settings Connector does not work in v5

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 5

Google User Settings Connector does not work in version 5 as some options are not able to be configured in the UI. Settings Screenshots.docx

An attempt was made to edit settings directly in the xml configuration file based on V4, however this was not successful.

Answer
anonymous 8 years ago

Unify.IdentityBroker.Connector.Google.Web.dll

Copy file to web\bin. It'll be available in the next release.

0
Fixed

Google Groups - Clearing External Membership

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 6

Clearing all External Members from Google Groups is not working, there is no error reported during the export however membership remain unchanged.

Answer
anonymous 8 years ago

Hi Boyd

I've found that this issue was being caused by a defect which has already been fixed and is included in Identity Broker v5.0.5 RC1. Are you able to upgrade to this version?

0
Fixed

Google Apps Group Import Error

Boyd Bostock 8 years ago in UNIFYBroker/Google Apps updated by anonymous 8 years ago 7

Google Connector 5.0.0.0

Google Group Connector import is failing after a period of time, the error message does not indicate which group is triggering the error.

A test connector was created and the following found:

  • Works successfully if the Membership schema was not added.
  • Fails when membership schema is added.
  • Fails when Group Settings schema is added (without Membership)
Error details:System.AggregateException: One or more errors occurred. ---> System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message ""Google.Apis.Requests.RequestError
EntityDoesNotExist [400]
Errors [
Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global]
]
"". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError
EntityDoesNotExist [400]
Errors [
Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global]
]


at Google.Apis.Requests.ClientServiceRequest`1.Execute()
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass115`1.<BackoffRetry>b__10d()
at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException)
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass17a.<ProcessedGroups>b__173(Tuple`2 group)
at System.Threading.Tasks.Parallel.<>c__DisplayClassf`1.<ForWorker>b__c()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass11.<ExecuteSelfReplicating>b__10(Object param0)
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at System.Threading.Tasks.Parallel.ForWorker[TLocal](Int32 fromInclusive, Int32 toExclusive, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Func`4 bodyWithLocal, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEachWorker[TSource,TLocal](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Action`3 bodyWithStateAndIndex, Func`4 bodyWithStateAndLocal, Func`5 bodyWithEverything, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEach[TSource](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body)
at Unify.Product.IdentityBroker.GoogleAgent.ProcessedGroups(Func`1 getDirectoryService, Func`1 getGroupsSettingsService, ConcurrentBag`1 directoryServices, ConcurrentBag`1 groupsSettingsServices, GroupEntityAdapter groupAdapter, GroupSettingsEntityAdapter groupSettingAdapter, IGroupMembersEntityAdapter groupMembersAdapter, IEnumerable`1 groupsValue, Boolean manageGroupSettings, GroupMembersReadMethod groupMembersReadMethod, String[] groupNameSuffixWhitelistFilter)
at Unify.Product.IdentityBroker.GoogleAgent.<InternalGetGroupPages>d__eb.MoveNext()
at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.Collections.ActionOnExceptionEnumerator`1.MoveNext()
at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__10`1.MoveNext()
at Unify.Framework.Collections.EnumerableExtensions.<ProduceAutoPages>d__7`1.MoveNext()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass33_0.<Run>b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
---> (Inner Exception #0) System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message ""Google.Apis.Requests.RequestError
EntityDoesNotExist [400]
Errors [
Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global]
]
"". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError
EntityDoesNotExist [400]
Errors [
Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global]
]


at Google.Apis.Requests.ClientServiceRequest`1.Execute()
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass115`1.<BackoffRetry>b__10d()
at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException)
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass17a.<ProcessedGroups>b__173(Tuple`2 group)
at System.Threading.Tasks.Parallel.<>c__DisplayClassf`1.<ForWorker>b__c()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass11.<ExecuteSelfReplicating>b__10(Object param0)<---
",Normal
Answer
anonymous 8 years ago

It's currently looking like Google have made another internal change - returning 400 now as an additional error code that requires the exponential back-off. My last couple of runs have gone through fine now that they are retrying following this error. Please try with Unify.IdentityBroker.Communicator.Google.dll and let me know how it goes.

0
Completed

Add support for new object types and fields

Adam van Vliet 8 years ago in UNIFYBroker/Google Apps updated by anonymous 7 years ago 1

Add support for new object types, e.g.:

  • Roles;
  • Roles Assignments;
  • Users - customSchemas.
Answer
anonymous 7 years ago

No interest/votes. Reopen if requested.



Customer support service by UserEcho