Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
I have added a new string field to the Aurion Person connector "ExtraField1". We already had "ExtraField2" (which was working).
The config already had a mapping:
<attribute name="Extra_Field_2" target="ExtraField2">
I have added underneath that:
<attribute name="Extra_Field_1" target="ExtraField1">
When I try to run the Import All now it runs for quite a while (this report takes a long time to generate), then fails with the error:
Attempting to retrieve the CollectionKeyId for caption ExtraField2 failed. No collection key found for that caption.
What has gone wrong?
I will send full error and config files by email once someone picks this up.
At my customer site their Aurion instance is configured with security user "UserID" field values which are populated from the user's AD sAMAccountName (username) field. Their usernames have values like "jsmi" (for John Smith) and "jsmi1" (for Jane Smith).
When writing data back for a user like "jsmi" the following error is logged by UNIFYBroker and the update isn't actioned in Aurion:
20230725,04:16:00,UNIFYBroker,EntitySaver,Error,The entity jsmi (3a657f98-06df-47e0-b0d8-bfd0c19b250b) for the adapter Aurion Security User (c5460bd3-0167-4290-a2a0-180f8632a474) failed to update for the following reasons: Aurion API error -1: Cannot identify an unique Aurion User from User Match Value,Normal
It appears the issue here is that the Aurion API is unable to identify a single unique security user to update, when there is another user whose UserID starts with the same value (i.e., jsmi1).
Is there some other way to configure UNIFYBroker so that it can successfully update my customer's Aurion security user data?
Recently my customer refreshed their TEST HR SOT (Aurion) from PROD. I ran an import to pick up the updated data, but didn't notice that it failed (due to a duplicate value for a key field in the refreshed data). Then I cleared locker data and reloaded it.
Then I ran a baseline sync to write back two fields to the HR SOT. It appears that at this time data on all fields (and not just the write-back fields) of entities in the HR SOT was reverted to pre-refresh values.
Is it likely that when I ran the baseline sync UNIFYBroker/Plus applied the mappings from the outbound link on top of the pre-existing out-of-date connector data, and then overwrote all that old field data back to Aurion, even for fields that are not configured to be written back?
The Aurion API only supports updating specific fields on the API, separate to the queries being read. Currently, the UNIFY Aurion connector maps all suitable* connector entity fields back to the API call.
* A suitable connector entity field is one where the field schema name matches the name provided by the default schema provider, in line with the appropriate connector documentation (such as Aurion Person Connector / UNIFYBroker knowledge / UNIFY Solutions )
If the appropriate schema field can't be found, then the value isn't set on the outgoing API call. According to the Aurion API documentation, this field would be ignored.
In this case, the baseline sync would have triggered the export operation on the connector for entities, which would have taken the reverse-transformed adapter entity (pre-refresh, as the import failed) and exported any fields that the connector was able to map - which is likely why those values got reverted.
I suspect that if you were to have different connector schema field names for any fields you're not wanting to have exported, and make use of the Query Mappings connector configuration, then only the expected fields would be updated.
We do have an item on the backlog to re-work the Aurion connector, having the connector schema be driven by the query with explicit configuration back to the API operations (rather than the inverse, as it stands currently).
We do also have an item to improve the Baseline Sync to avoid exporting entities when changes haven't been made, but we're working through the implications of that on true-up support (and potentially wouldn't have helped in this scenario if the values you were wanting to export were different already).
When an Aurion connector import operation runs while a connector export is already running the export fails with its session logged off:
14:30:00 baseline sync kicks off export:
Synchronization job started syncing 7977 changes on the 'Managed User > Aurion Security User' link from the locker to adapter. Job ID: 9f521182-e52e-4082-8685-899600d4456f",Normal
14:33:37 evidence of exports occurring:
Add entities [Count:3] to connector Aurion Security User reported 3 entities saved, 3 failed. Duration: 00:00:01.0862857",Normal
14:51:15 scheduled import operation runs:
20230531,14:51:15,UNIFYBroker,Change detection engine,Information,"Change detection engine import all items started.
Change detection engine import all items for connector Aurion Security User started.",Normal
14:52:54 hundreds of failed updates reported due to logoff (shared session with import?):
20230531,14:52:54,UNIFYBroker,Connector,Information,"Update entities to connector completed.
Update entities 6375 to connector Aurion Security User reported 6375 entities saved, 225 failed. Duration: 00:19:11.1067288",Normal
20230531,14:52:54,UNIFYBroker,EntitySaver,Error,The entity bcoff (2a12bf64-7aec-4101-a696-fa84054b0a0d) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
20230531,14:52:54,UNIFYBroker,EntitySaver,Error,The entity kbair (603121f8-2724-4d34-a177-630bb718656b) for the adapter Aurion Security User (f3c9eba8-ccd2-447b-ba37-67796af63171) failed to update for the following reasons: Aurion API error -1: You are not logged on to the Aurion web services application server. Use the LOGON operation.,Normal
Either import and export operations should be able to run concurrently without interfering with each other, or otherwise the system should not permit them to run concurrently.
Fix should be contained in the overarching fix for the LOGON issue.
Matt wrote in email:
I have found some documentation that suggest long-lived TCP connections in Azure components are terminated after 4 minutes. Normally, you’d hope that a terminated TCP connection would immediately result in an exception such as “the underlying connection was closed”.
... I was able to reproduce the lack of response on this report in both the PowerShell harness and SoapUI. After some testing to force the connection to stay alive, I was able to find a way to successfully get this report to import on the test VM.
.... I’ll have to investigate the best way to solve this one long term. It might be something we need to set inside the connector, or inside UNIFYBroker, or inside the platform. I’m not sure if the problem is unique to Aurion or whether we can replicate it elsewhere – that’ll be part of the investigation to determine the best way to fix it. This command shouldn’t even be necessary – so we’d have to investigate the side effects of it and ensure that we won’t break something else by having this set.
Due to my customer having long running reports, could you please provide a fix for this issue?
The export functions used by the connectors is listed on their documentation pages:
You're correct for the person connector - it uses the EMP_UPDATE_PERS function for exports.
Aurion connector time out "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"
One of my Aurion connectors is failing to import all with the following error. Two other Aurion connectors for the same agent do not return this error. Test Connection for the agent is successful. I can't find a client-side timeout parameter on the configuration screen. The error is occurring around 5m24s after the import starts. There were around 7,200 records the last time the import was working in this environment (I don't know how long ago that was). The other two working connectors have similar entity counts and each take around 90 seconds to run to successful completion.
Could you please investigate? If this is a server-side timeout please let me know and I'll escalate it to Aurion.
Customer identifying details have been redacted from the following log entry:
20230127,02:25:20,UNIFYBroker,Change detection engine,Error,"Change detection engine import all items failed.
Change detection engine import all items for connector Aurion Employee Connector failed with reason Unable to connect to the remote server. Duration: 00:05:24.5919187
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond XX.XX.XX.XX:443
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket,IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object parameters)
at Unify.Communicators.AurionAPI.EV397_AURION_WSService.LOGOFF(String P_TOKEN)
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
After an Aurion report is modified and Request Schema is run, the Schema attribute<->Mapping element table isn't updated. It's not possible to add mappings for any new fields, and old fields remain in the table, which is confusing.
When a Request Schema is run, non-existant report field mappings should be removed, and any currently missing ones should be added.
In my UNIFYConnect config the MOBILE_PHONE value isn't being written back to Aurion successfully.
The relevant connector config is:
In the customer's Aurion report the mobile phone field is called 'Contact_Mobile_Phone' so a mapping is necessary. Import is working correctly, but the field is not updated in Aurion on export.
Here is the rest of the relevant config:
Adapter Transform (to remove underscores from the field name)
After a connector Import the Contact_Mobile_Phone field is set to the old value from Aurion as expected. After a Baseline Sync on the link the value in the connector is changed to '0418 999 999' temporarily, but then reset back to the old value from Aurion after the next connector Import, showing that the value has not been updated in Aurion.
What is causing the writeback to fail and how do I get it to work?
In my customer's TEST I am seeing this Aurion error when a Baseline Sync runs, for 23 of ~500 entities:
20210803,01:01:15,UNIFYBroker,EntitySaver,Error,The entity mbishop (1100a4a9-3f58-4f13-9c39-480b36abbf41) for the adapter Aurion Security User (c5460bd3-0167-4290-a2a0-180f8632a474) failed to update for the following reasons: Aurion API error -1: User is already linked to an Employee and cannot be changed by this process,Normal
Looking at the data for this specific case, it appears the only update that needs to be sent to Aurion is Name (changing from "Matthew BISHOP" to "Matthew Bishop"). Other fields appear to be unchanged.
What do you suggest I do to debug the root cause?
Customer support service by UserEcho