Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Attepting to retrieve the CollectionKeyId for caption "FieldName" failed.
I have added a new string field to the Aurion Person connector "ExtraField1". We already had "ExtraField2" (which was working).
The config already had a mapping:
<attribute name="Extra_Field_2" target="ExtraField2">
I have added underneath that:
<attribute name="Extra_Field_1" target="ExtraField1">
When I try to run the Import All now it runs for quite a while (this report takes a long time to generate), then fails with the error:
Attempting to retrieve the CollectionKeyId for caption ExtraField2 failed. No collection key found for that caption.
What has gone wrong?
I will send full error and config files by email once someone picks this up.
Aurion Query Attribute Order
Hi,
I've had a question from the customer regarding the queries the Aurion connector uses to pull data via the WSDL.
Does it matter if extra attributes that are not included in the schema/mapping are added to the query and does it matter what order the attributes are returned in the query?
Thanks,
Liam
Hey Liam,
No - extra fields aren't an issue. The Aurion connector uses the configured schema and mappings as the source of truth for which fields to read. So when iterating through the results of the query, each schema mapping row is attempted to be read from the results and set on the entity if it exists. So if the schema mapping doesn't exist on the query it will just skip over it, and extra ones that might be returned from the query will just be ignored if they're not in the schema.
There's also no order requirement - the query results come back in blobs of XML, and we just iterate over the results retrieving the required elements. So the connector code has no expectation of order.
Change detection engine import all items for connector Aurion Person failed with reason -25 (see UNIFACE message guide)
Hi,
I am trying to add the Employee_Number field from Aurion Person to a connector so that I can do write-back.
However, I am encountering the following error on Import All:
My mapping and schema is as follows:
Do you have more insight on what error -25 is?
Thanks,
Liam
Aurion security user writeback fails for user ID field values with common prefix
At my customer site their Aurion instance is configured with security user "UserID" field values which are populated from the user's AD sAMAccountName (username) field. Their usernames have values like "jsmi" (for John Smith) and "jsmi1" (for Jane Smith).
When writing data back for a user like "jsmi" the following error is logged by UNIFYBroker and the update isn't actioned in Aurion:
20230725,04:16:00,UNIFYBroker,EntitySaver,Error,The entity jsmi (3a657f98-06df-47e0-b0d8-bfd0c19b250b) for the adapter Aurion Security User (c5460bd3-0167-4290-a2a0-180f8632a474) failed to update for the following reasons: Aurion API error -1: Cannot identify an unique Aurion User from User Match Value,Normal
It appears the issue here is that the Aurion API is unable to identify a single unique security user to update, when there is another user whose UserID starts with the same value (i.e., jsmi1).
Is there some other way to configure UNIFYBroker so that it can successfully update my customer's Aurion security user data?
I've now confirmed that the behaviour I reported above isn't actually happening - I misinterpreted what I was seeing. The true root cause of the error is a link mapping passing a changed UserID value to the Aurion connector, which meant that it was passing a UserMatch value that didn't exist to the API.
UNIFYConnect writing back Aurion data to fields that it's not configured to export to
Recently my customer refreshed their TEST HR SOT (Aurion) from PROD. I ran an import to pick up the updated data, but didn't notice that it failed (due to a duplicate value for a key field in the refreshed data). Then I cleared locker data and reloaded it.
Then I ran a baseline sync to write back two fields to the HR SOT. It appears that at this time data on all fields (and not just the write-back fields) of entities in the HR SOT was reverted to pre-refresh values.
Is it likely that when I ran the baseline sync UNIFYBroker/Plus applied the mappings from the outbound link on top of the pre-existing out-of-date connector data, and then overwrote all that old field data back to Aurion, even for fields that are not configured to be written back?
Hi Adrian,
The Aurion API only supports updating specific fields on the API, separate to the queries being read. Currently, the UNIFY Aurion connector maps all suitable* connector entity fields back to the API call.
* A suitable connector entity field is one where the field schema name matches the name provided by the default schema provider, in line with the appropriate connector documentation (such as Aurion Person Connector / UNIFYBroker knowledge / UNIFY Solutions )
If the appropriate schema field can't be found, then the value isn't set on the outgoing API call. According to the Aurion API documentation, this field would be ignored.
In this case, the baseline sync would have triggered the export operation on the connector for entities, which would have taken the reverse-transformed adapter entity (pre-refresh, as the import failed) and exported any fields that the connector was able to map - which is likely why those values got reverted.
I suspect that if you were to have different connector schema field names for any fields you're not wanting to have exported, and make use of the Query Mappings connector configuration, then only the expected fields would be updated.
We do have an item on the backlog to re-work the Aurion connector, having the connector schema be driven by the query with explicit configuration back to the API operations (rather than the inverse, as it stands currently).
We do also have an item to improve the Baseline Sync to avoid exporting entities when changes haven't been made, but we're working through the implications of that on true-up support (and potentially wouldn't have helped in this scenario if the values you were wanting to export were different already).
Aurion connector exports fail when import runs concurrently due to logoff
When an Aurion connector import operation runs while a connector export is already running the export fails with its session logged off:
14:30:00 baseline sync kicks off export:
Synchronization job started syncing 7977 changes on the 'Managed User > Aurion Security User' link from the locker to adapter. Job ID: 9f521182-e52e-4082-8685-899600d4456f",Normal
14:33:37 evidence of exports occurring:
Add entities [Count:3] to connector Aurion Security User reported 3 entities saved, 3 failed. Duration: 00:00:01.0862857",Normal
14:51:15 scheduled import operation runs:
20230531,14:51:15,UNIFYBroker,Change detection engine,Information,"Change detection engine import all items started.
Change detection engine import all items for connector Aurion Security User started.",Normal
14:52:54 hundreds of failed updates reported due to logoff (shared session with import?):
20230531,14:52:54,UNIFYBroker,Connector,Information,"Update entities to connector completed.
Update entities 6375 to connector Aurion Security User reported 6375 entities saved, 225 failed. Duration: 00:19:11.1067288",Normal
20230531,14:52:54,UNIFYBroker,EntitySaver,Error,The entity bcoff (2a12bf64-7aec-4101-a696-fa84054b0a0d) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230531,14:52:54,UNIFYBroker,EntitySaver,Error,The entity kbair (603121f8-2724-4d34-a177-630bb718656b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
…
Either import and export operations should be able to run concurrently without interfering with each other, or otherwise the system should not permit them to run concurrently.
Fix should be contained in the overarching fix for the LOGON issue.
Allow TCP keepalives to be set for Aurion connectors
Matt wrote in email:
I have found some documentation that suggest long-lived TCP connections in Azure components are terminated after 4 minutes. Normally, you’d hope that a terminated TCP connection would immediately result in an exception such as “the underlying connection was closed”.
... I was able to reproduce the lack of response on this report in both the PowerShell harness and SoapUI. After some testing to force the connection to stay alive, I was able to find a way to successfully get this report to import on the test VM.
.... I’ll have to investigate the best way to solve this one long term. It might be something we need to set inside the connector, or inside UNIFYBroker, or inside the platform. I’m not sure if the problem is unique to Aurion or whether we can replicate it elsewhere – that’ll be part of the investigation to determine the best way to fix it. This command shouldn’t even be necessary – so we’d have to investigate the side effects of it and ensure that we won’t break something else by having this set.
Due to my customer having long running reports, could you please provide a fix for this issue?
Aurion API function used by the Person connector for export
Hi @Matthew Davis @Beau Harrison
A customer has asked which Aurion API function is used by the Aurion Person connector export functionality. I believe it’s EMP_UPDATE_PERS. Can you please confirm?
Thanks
Hi Adrian,
The export functions used by the connectors is listed on their documentation pages:
Aurion Person Connector / UNIFYBroker knowledge / UNIFY Solutions
You're correct for the person connector - it uses the EMP_UPDATE_PERS function for exports.
Aurion connector time out "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"
One of my Aurion connectors is failing to import all with the following error. Two other Aurion connectors for the same agent do not return this error. Test Connection for the agent is successful. I can't find a client-side timeout parameter on the configuration screen. The error is occurring around 5m24s after the import starts. There were around 7,200 records the last time the import was working in this environment (I don't know how long ago that was). The other two working connectors have similar entity counts and each take around 90 seconds to run to successful completion.
Could you please investigate? If this is a server-side timeout please let me know and I'll escalate it to Aurion.
Customer identifying details have been redacted from the following log entry:
20230127,02:25:20,UNIFYBroker,Change detection engine,Error,"Change detection engine import all items failed.
Change detection engine import all items for connector Aurion Employee Connector failed with reason Unable to connect to the remote server. Duration: 00:05:24.5919187
Error details:
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond XX.XX.XX.XX:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket,IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Unify.Communicators.AurionAPI.EV397_AURION_WSService.LOGOFF(String P_TOKEN)
at Unify.Communicators.AurionWSCommunicator.Logout()
at Unify.Communicators.AurionAgent.Close()
at Unify.Connectors.AurionApiReadingConnector.d__5.System.IDisposable.Dispose()
at Unify.Connectors.AurionApiReadingConnector.d__5.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
This resolution of this issue is being tracked here: Allow TCP keepalives to be set for Aurion connectors / UNIFYBroker Forum / UNIFY Solutions
Rebuild Aurion connector mapping table after report schema update
After an Aurion report is modified and Request Schema is run, the Schema attribute<->Mapping element table isn't updated. It's not possible to add mappings for any new fields, and old fields remain in the table, which is confusing.
When a Request Schema is run, non-existant report field mappings should be removed, and any currently missing ones should be added.
Customer support service by UserEcho