Identity Broker Forum


0
Answered

Aurion: Could not create SSL/TLS secure channel

Connection to Aurion was working yesterday. I was surprised it worked with nothing done to do with certificates since the webservice is a https address but today it's stopped working: "Change detection engine import all items for connector Aurion Employee failed with reason The request was aborted: Could not create SSL/TLS secure channel" System.Net.WebException. Does this mean a certificate needs to be installed on the Broker server? Or maybe something needs to be updated in the exe config? I googled the error but it was just a lot of code samples and code fixes to resolve the issue. No description of what's really causing the error.

Answer

It mysteriously started working again with no change on my side. Not sure what the issue was.

0
Answered

Aurion PersonNumber is a required field and is not present

I'm not sure that this is really a product issue but raising a ticket in case this has been encountered before. I've connected to a cloud instance of Aurion. The agent Test Connection returns correctly but when I try to import on the Person or Employee connectors, I get a schema validation warning with a warning in the error log "The entity <null> (GUID) in the connector Aurion Employee failed validation 1 times for the following reasons: EmployeeNumber is a required and is not present". Same thing on the person connector but I get it for PersonNumber. The query has been scoped to one user for testing. When we run the report in the Aurion App we can see the PersonNumber in the XML. I tried turning on the trace logging in the exe config but it's not outputting any files, is this because the connection is https? It seems the report is running but either has no data at all or the key field just isn't populated. Any ideas?

Answer

The sample has the mapping set.

For future reference, the mapping is required because the default schema field names (which are mapped to the export API fields) don't necessarily match the import field names.

0
Fixed

Aurion export error: Object must implement IConvertible. at System.Convert.ChangeType

Carol Wapshere 8 months ago in UNIFYBroker/Aurion updated by Beau Harrison (Software Developer) 8 months ago 6

When trying to export Contact_Phone_Number to Aurion I get "Other", "One or more errors occurred" reported in MIM.

The error is on the screen in the Adapter (though not in the Broker log file). I've pasted the error below.

Aurion should already be set up to allow exports to this field as the existing solution does that. I've checked the field name and mapping is the same in the Connector config file for both new and old solutions.

Broker version: 5.3.1. Revision #0

Aurion connector version: 5.3.0.0

It's trying to export a string value for two entities. The export flow rule from MIM is a direct flow and the metaverse attribute is a single-valued string.

Here's the error message from the Adapter screen:

Adapter update entities [Count:2] to adapter Aurion Personnel (549d90e8-e7df-4729-9e4c-58c73d1c98d3) failed with reason System.AggregateException: One or more errors occurred. ---> 
Unify.Product.IdentityBroker.EntitySchemaValidationException: Provided value System.Linq.Enumerable+d__14`2[Unify.Framework.DistinguishedNameValue,System.String] failed validation for type String ---> System.InvalidCastException: Object must implement IConvertible.
at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue)
at Unify.Product.IdentityBroker.DistinguishedNameGeneratorReverseTransformation.Transform(IEntity[] sourceValue)
at Unify.Framework.AggregateArrayedValueAdapter`2.<>c.b__2_0(TElement[] current, IValueAdapter`2 valueAdapter)
at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func)
at Unify.Framework.AggregateArrayedValueAdapter`2.Transform(TElement[] baseValue)
at Unify.Framework.AggregateArrayedValueAdapter`2.<>c.b__2_0(TElement[] current, IValueAdapter`2 valueAdapter)
at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func)
at Unify.Framework.AggregateArrayedValueAdapter`2.Transform(TElement[] baseValue)
at Unify.Product.IdentityBroker.Adapter.GetReverseTransformedEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.Adapter.d__112.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Unify.Product.IdentityBroker.Adapter.d__111.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Adapter.d__70.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Adapter.d__69.MoveNext() --- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass7_0`1.b__0(Task`1 t)
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass5_0`1.b__0(Task`1 t)
at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
at System.Threading.Tasks.Task.Execute() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.AdapterNotifierDecorator.d__39.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.RequestHandlers.BulkRequestEntityGroupProcessor.d__18.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.RequestHandlers.BulkRequestEntityGroupProcessor.d__12.MoveNext() ---> (Inner Exception #0) Unify.Product.IdentityBroker.EntitySchemaValidationException: Provided value System.Linq.Enumerable+d__14`2[Unify.Framework.DistinguishedNameValue,System.String] failed validation for type String ---> System.InvalidCastException: Object must implement IConvertible.
at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue) --- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue)
at Unify.Product.IdentityBroker.DistinguishedNameGeneratorReverseTransformation.Transform(IEntity[] sourceValue)
at Unify.Framework.AggregateArrayedValueAdapter`2.<>c.b__2_0(TElement[] current, IValueAdapter`2 valueAdapter)
at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func)
at Unify.Framework.AggregateArrayedValueAdapter`2.Transform(TElement[] baseValue)
at Unify.Framework.AggregateArrayedValueAdapter`2.<>c.b__2_0(TElement[] current, IValueAdapter`2 valueAdapter)
at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func)
at Unify.Framework.AggregateArrayedValueAdapter`2.Transform(TElement[] baseValue)
at Unify.Product.IdentityBroker.Adapter.GetReverseTransformedEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.Adapter.d__112.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Unify.Product.IdentityBroker.Adapter.d__111.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Adapter.d__70.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Adapter.d__69.MoveNext()<--- . Duration: 00:00:00.0156171
0
Answered

Could not load type 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility'

Carol Wapshere 9 months ago in UNIFYBroker/Aurion updated by Beau Harrison (Software Developer) 9 months ago 16

I'm suddenly getting the error below in a Dev environment trying to update the schema of any Aurion connector. 

It's not happening in Test and the versions are slightly different:

DEV: v5.3.1 Revision #1

TEST: v5.3.1 Revision #0

20181213,02:32:40,UNIFYBroker,Connector Engine,Error,"The schema for 'Aurion Employee Connector' connector was not updated for the following reason: System.TypeLoadException: Could not load type 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility' from assembly 'Unify.IdentityBroker.Connector.Interfaces, Version=5.3.0.0, Culture=neutral, PublicKeyToken=84b9288cb2633de4'.
   at Unify.Connectors.AurionPersonSchemaProvider.GetSchema(ISchemaProviderFactoryInformation factoryInformation)
   at Unify.Product.IdentityBroker.ConnectorEngine.SchemaProviderResult(IOperationalConnector`1 operationalConnector, Func`2 selector, IEnumerable`1 appliedFields)",Normal
20181213,03:09:21,UNIFYBroker,Logging Engine,Information,Log file started.,Minimal
20181213,03:09:21,UNIFYBroker,Connector Engine,Error,"The schema for 'Aurion Locations Connector' connector was not updated for the following reason: System.TypeLoadException: Could not load type 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility' from assembly 'Unify.IdentityBroker.Connector.Interfaces, Version=5.3.0.0, Culture=neutral, PublicKeyToken=84b9288cb2633de4'.
   at Unify.Connectors.AurionCustomSchemaProvider.GetSchema(ISchemaProviderFactoryInformation factoryInformation)
   at Unify.Product.IdentityBroker.ConnectorEngine.SchemaProviderResult(IOperationalConnector`1 operationalConnector, Func`2 selector, IEnumerable`1 appliedFields)",Normal
Answer

Hi Carol 

Using your install directory I was able to reproduce this issue. The cause is that you are using an out-of-date version of the connector. I was able to successfully load the schema providers by updating to the latest release of the connector.

0
Not a bug

Aurion Security User not set on export

Sean Little 11 months ago in UNIFYBroker/Aurion updated by Adam van Vliet (Chief Information Security Officer) 11 months ago 5

Hi Guys,

We seem to have uncovered a possible bug with the Aurion connector. We have 2 issues with our solution - firstly that the OsUserId on the Aurion Security User is initially populated with an incorrect value (not an IDB issue).

However, when the solution attempts to update this value with the correct value (as set in AD), it does not appear to persist in Aurion.

The export is lined up as an update, and successfully exports from the MA through IDB without error, however the value is not actually set on the Security User object within Aurion.

A subsequent delta import results in an exported-change-not-reimported error on the MA.

The environment is using IDB v5.3.1 and communicating with Aurion v11.4.6

We will also provide the version of the Aurion connector soon

Cheers

Sean/Richard.

Answer

Updated the field name casing for OSUserId to OsUserId.

0
Under review

Attributes with the same name - Read-Only problem in MIM

Paul Zelenewicz 1 year ago in UNIFYBroker/Aurion updated 1 year ago 4

UNIFYBroker v5.3.1

Aurion API Connector v5.3.0

MIM 2016SP1 - 4.4.1749.0

Problem:

I have an 'Aurion Person' adapter and an 'Aurion ESS' adapter - each with an attribute called PersonNumber.

In 'Aurion Person' the attribute is read-only, in 'Aurion ESS' the attribute is not read-only.

Broker settings - Single Schema mode is false.

When I create the Aurion ESS Management Agent in MIM and attempt to set up an export attribute flow to PersonNumber, MIM reports that the attribute is read-only.

It makes no difference if I create the ESS management agent before the Person management agent (even in a vanilla MIM database).

If I apply a rename transform to the PersonNumber in the ESS adapter I am able to set up an export attribute flow to the renamed attribute (i.e., ESSPersonNumber).

Question: 

Is it a specific requirement for Broker to maintain unique attribute names throughout different adapters? 

0
Answered

An item with the same key has already been added

Paul Zelenewicz 1 year ago in UNIFYBroker/Aurion updated by Matthew Davis (Engineering Manager) 3 months ago 7

UNIFYBroker v5.3.1

Aurion API Connector v5.3.0

After resolving an issue with the connector as per https://voice.unifysolutions.net/communities/6/topics/2460-aurion-security-user-update-user_match_value-expected (to resolve USER_MATCH_VALUE expected error), the MIM Aurion ESS Management agent is now experiencing an error only on a Delta Import step. Full Import and Export are working.

Have tried clearing entities from the connector and running Import All, generate changes, and have deleted the connector space from the Aurion ESS management agent then run Full Import/Full Sync.

Error message from MIM is:

The extensible extension returned an unsupported error.
 The stack trace is:
 
 "Unify.Product.IdentityBroker.LdapOperationException: The server forcefully terminated the connection with the following reason: Internal Server Error #11: System.Exception: A task faulted. See inner exception for details. ---> System.ArgumentException: An item with the same key has already been added.
   at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
   at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at Unify.Product.IdentityBroker.CachedAdapterContext.GetEntitiesByKeyValues(IEnumerable`1 values)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_3.<NormalSearch>b__3(IGrouping`2 group)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_2.<NormalSearch>b__1()
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.LazyInitValue()
   at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.EntryUuidAttributeValue(IChangeLogItem sourceValue, IDictionary`2 partialAttributes)
   at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.Transform(IChangeLogItem sourceValue)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<NormalSearch>d__9.MoveNext()
   at Unify.Product.IdentityBroker.ForwardLookingEnumerator`1.MoveNext()
   at Unify.Product.IdentityBroker.LDAPEngineExtensions.<TakeFromEnumerator>d__1`1.MoveNext()
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<FinalizeSearchResults>d__12.MoveNext()
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<HandleRequest>d__4.MoveNext()
   --- End of inner exception stack trace ---
   at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t)
   at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Unify.Product.IdentityBroker.LDAPConnection.<RespondToMessageAsync>d__35.MoveNext() - Result Code: Other ---> Unify.Product.IdentityBroker.LdapServerException: The server forcefully terminated the connection with the following reason: Internal Server Error #11: System.Exception: A task faulted. See inner exception for details. ---> System.ArgumentException: An item with the same key has already been added.
   at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
   at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
   at System.Linq.Enumerable.ToDictionary[TSource,TKey,TElement](IEnumerable`1 source, Func`2 keySelector, Func`2 elementSelector, IEqualityComparer`1 comparer)
   at Unify.Product.IdentityBroker.CachedAdapterContext.GetEntitiesByKeyValues(IEnumerable`1 values)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_3.<NormalSearch>b__3(IGrouping`2 group)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<>c__DisplayClass9_2.<NormalSearch>b__1()
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.LazyInitValue()
   at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.EntryUuidAttributeValue(IChangeLogItem sourceValue, IDictionary`2 partialAttributes)
   at Unify.Product.IdentityBroker.ChangeLogToLDAPEntryConverter.Transform(IChangeLogItem sourceValue)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<NormalSearch>d__9.MoveNext()
   at Unify.Product.IdentityBroker.ForwardLookingEnumerator`1.MoveNext()
   at Unify.Product.IdentityBroker.LDAPEngineExtensions.<TakeFromEnumerator>d__1`1.MoveNext()
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.<FinalizeSearchResults>d__12.MoveNext()
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.SearchRequestHandlerBase.HandleRequest(IRfcLdapMessage message, CancellationToken token, Action`1 postAction)
   at Unify.Product.IdentityBroker.ChangeLogRequestHandler.<HandleRequest>d__4.MoveNext()
   --- End of inner exception stack trace ---
   at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t)
   at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Unify.Product.IdentityBroker.LDAPConnection.<RespondToMessageAsync>d__35.MoveNext() - Result Code: Other
   at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId)
   at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv)
   at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
   --- End of inner exception stack trace ---
   at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
   at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__8.MoveNext()
   at Unify.Product.IdentityBroker.ImportProxy.<GetChangedEntriesPaged>d__30.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__17`2.MoveNext()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__17`2.MoveNext()
   at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
   at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
   at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
   at Unify.Product.IdentityBroker.UnifyLdapConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.4.1749.0"
0
Under review

Attempting to retrieve the CollectionKeyId for caption "FieldName" failed.

I have added a new string field to the Aurion Person connector "ExtraField1". We already had "ExtraField2" (which was working).

The config already had a mapping:

<attribute name="Extra_Field_2" target="ExtraField2">

I have added underneath that:

<attribute name="Extra_Field_1" target="ExtraField1">

When I try to run the Import All now it runs for quite a while (this report takes a long time to generate), then fails with the error:

Attempting to retrieve the CollectionKeyId for caption ExtraField2 failed. No collection key found for that caption.

What has gone wrong?

I will send full error and config files by email once someone picks this up.

0
Under review

Aurion Schema Mappings Generic Connector

Matthew Davis (Engineering Manager) 1 year ago in UNIFYBroker/Aurion updated 1 year ago 2

I'm finding that with IDB 5.3 Aurion connector, when you initially create the generic connector and add schema rows (manually, haven't tested with query provider) it adds the initial schema rows to the query mappings fields.

However if you subsequently save the query mappings, enable and disable the connector, and add more schema rows then it doesn't add the new rows to the schema mappings.


While having the mappings isn't as important for a generic connector, it would be good if the connector did one or the other - either added all schema fields as mappings, or no fields were displayed as mappings.

0
Under review

Aurion Connector Schema Mappings Saving

Matthew Davis (Engineering Manager) 1 year ago in UNIFYBroker/Aurion updated 10 months ago 1

When you add a new Aurion connector (mainly with the Generic one, but applicable to others too), configuring the schema options automatically generates schema mappings. These display on the UI, but don't validate until the connector is run. Therefore you get an error on the first run of the connector regarding schema mappings, which means you have to run the save action on the connector to get it to persist to config.

It would be good if the schema mapping defaults could be persisted to configuration when the schema is modified or connector enabled - that way if they're not valid the connector isn't able to be enabled. 

Currently an issue against IDB v5.3