Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Google Groups: External Members email address case mismatch
I have found issues with differences in case between MIM and Google is causing unnecessary exports. To overcome this I have ensured all email addresses exports are in lowercase, the exports are successful but a subsequent import from Google returns the addresses in the original case.
I have found an anomaly in Google where one view shows the addresses in lowercase and another in mixed case. I suspect that although the email address case changes successfully it is not synchronised everywhere.
Admin Console View
Google Groups View
- Is there another membership attribute that can be used instead?
- Is there a transformation that can convert to lowercase (multi-valued field)? MIM cannot do this for confirming imports.
- Is it possible/appropriate to add an option to the Connector to import all email addresses as lowercase?
Gmail Settings remove Lables
Labels is one of the settings available in the GMail API and results in a large amount of data being retuned. As there is not IAM requirement for Labels settings I would recommend it is removed from the Google User/GMail Settings Connector.
Remove any non-required fields from the schema - that way the call won't be made as each of the fields are done as separate calls.
Google User Settings Connector import failing
Import is failing for Google User Settings Connector after exactly 1 hour (log entries attached).
Failure adding a group as a member of another group in Google Apps
I am getting the error below when adding a group with other
groups as members. I can add the groups to membership manually and the
subsequent import imports the membership with the correct DN.
Error Nested Group Members.txt
Image below shows the groups added manually and the one that is failing. The failing group was added manually to confirm it is possible.
There was a difference in how groups were calculated over users. See v5.0.0.2.
Email Address changes in Google Apps
I am using the email address in the DN and have a requirement to allow accounts to be renamed. There are no other attributes that are suitable for use in the DN.
If I change the email address attribute it will fail (error attached) as it is being used in the DN. I have attempted change the DN however MIM is processing it as an attribute flow instead of a rename (error and screenshot attached).
User rename split out from user update so that it does only what is required. See v5.0.0.2.
Passwords are not set on Google account creation
When a new account is created an error is generated in the IdB log and the user is created in Google, however the password has not been set.
Packet Trace: UserCreate.pcap
Log: UnifyLog20170117.csv
Apologies Boyd, I left out a couple of extra DLLs. I just dropped this patch onto a fresh v5.0.5 install to check and the service starts and I'm able to create adapters fine, so hopefully this resolves it for you.
Google User Settings Connector does not work in v5
Google User Settings Connector does not work in version 5 as some options are not able to be configured in the UI. Settings Screenshots.docx
An attempt was made to edit settings directly in the xml configuration file based on V4, however this was not successful.
Unify.IdentityBroker.Connector.Google.Web.dll
Copy file to web\bin. It'll be available in the next release.
Google Groups - Clearing External Membership
Clearing all External Members from Google Groups is not working, there is no error reported during the export however membership remain unchanged.
Hi Boyd
I've found that this issue was being caused by a defect which has already been fixed and is included in Identity Broker v5.0.5 RC1. Are you able to upgrade to this version?
Google Apps Group Import Error
Google Connector 5.0.0.0
Google Group Connector import is failing after a period of time, the error message does not indicate which group is triggering the error.
A test connector was created and the following found:
- Works successfully if the Membership schema was not added.
- Fails when membership schema is added.
- Fails when Group Settings schema is added (without Membership)
Error details:System.AggregateException: One or more errors occurred. ---> System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message ""Google.Apis.Requests.RequestError EntityDoesNotExist [400] Errors [ Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global] ] "". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError EntityDoesNotExist [400] Errors [ Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global] ] at Google.Apis.Requests.ClientServiceRequest`1.Execute() at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries) --- End of inner exception stack trace --- at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass115`1.<BackoffRetry>b__10d() at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException) at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries) at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass17a.<ProcessedGroups>b__173(Tuple`2 group) at System.Threading.Tasks.Parallel.<>c__DisplayClassf`1.<ForWorker>b__c() at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask) at System.Threading.Tasks.Task.<>c__DisplayClass11.<ExecuteSelfReplicating>b__10(Object param0) --- End of inner exception stack trace --- at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken) at System.Threading.Tasks.Task.Wait() at System.Threading.Tasks.Parallel.ForWorker[TLocal](Int32 fromInclusive, Int32 toExclusive, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Func`4 bodyWithLocal, Func`1 localInit, Action`1 localFinally) at System.Threading.Tasks.Parallel.ForEachWorker[TSource,TLocal](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Action`3 bodyWithStateAndIndex, Func`4 bodyWithStateAndLocal, Func`5 bodyWithEverything, Func`1 localInit, Action`1 localFinally) at System.Threading.Tasks.Parallel.ForEach[TSource](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body) at Unify.Product.IdentityBroker.GoogleAgent.ProcessedGroups(Func`1 getDirectoryService, Func`1 getGroupsSettingsService, ConcurrentBag`1 directoryServices, ConcurrentBag`1 groupsSettingsServices, GroupEntityAdapter groupAdapter, GroupSettingsEntityAdapter groupSettingAdapter, IGroupMembersEntityAdapter groupMembersAdapter, IEnumerable`1 groupsValue, Boolean manageGroupSettings, GroupMembersReadMethod groupMembersReadMethod, String[] groupNameSuffixWhitelistFilter) at Unify.Product.IdentityBroker.GoogleAgent.<InternalGetGroupPages>d__eb.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.Collections.ActionOnExceptionEnumerator`1.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__10`1.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.<ProduceAutoPages>d__7`1.MoveNext() at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit() at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities) at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess() at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase() at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass33_0.<Run>b__0() at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state) ---> (Inner Exception #0) System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message ""Google.Apis.Requests.RequestError EntityDoesNotExist [400] Errors [ Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global] ] "". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError EntityDoesNotExist [400] Errors [ Message[EntityDoesNotExist] Location[ - ] Reason[invalid] Domain[global] ] at Google.Apis.Requests.ClientServiceRequest`1.Execute() at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries) --- End of inner exception stack trace --- at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass115`1.<BackoffRetry>b__10d() at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException) at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries) at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass17a.<ProcessedGroups>b__173(Tuple`2 group) at System.Threading.Tasks.Parallel.<>c__DisplayClassf`1.<ForWorker>b__c() at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask) at System.Threading.Tasks.Task.<>c__DisplayClass11.<ExecuteSelfReplicating>b__10(Object param0)<--- ",Normal
It's currently looking like Google have made another internal change - returning 400 now as an additional error code that requires the exponential back-off. My last couple of runs have gone through fine now that they are retrying following this error. Please try with Unify.IdentityBroker.Communicator.Google.dll and let me know how it goes.
Add support for new object types and fields
Add support for new object types, e.g.:
- Roles;
- Roles Assignments;
- Users - customSchemas.
Customer support service by UserEcho
