Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

Writeback MOBILE_PHONE not working for an Aurion Person Connector

Adrian Corston 2 years ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 2 years ago 20

In my UNIFYConnect config the MOBILE_PHONE value isn't being written back to Aurion successfully.

The relevant connector config is:

Image 6166

Image 6168

In the customer's Aurion report the mobile phone field is called 'Contact_Mobile_Phone' so a mapping is necessary.  Import is working correctly, but the field is not updated in Aurion on export.

Here is the rest of the relevant config:

Adapter Transform (to remove underscores from the field name)

Image 6169

Link Mapping

Image 6171

Locker Entity

Image 6172

After a connector Import the Contact_Mobile_Phone field is set to the old value from Aurion as expected.  After a Baseline Sync on the link the value in the connector is changed to '0418 999 999' temporarily, but then reset back to the old value from Aurion after the next connector Import, showing that the value has not been updated in Aurion.

What is causing the writeback to fail and how do I get it to work?

0

Aurion API error -1: User is already linked to an Employee and cannot be changed by this process

Adrian Corston 3 years ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 2 years ago 0

In my customer's TEST I am seeing this Aurion error when a Baseline Sync runs, for 23 of ~500 entities:

20210803,01:01:15,UNIFYBroker,EntitySaver,Error,The entity mbishop (1100a4a9-3f58-4f13-9c39-480b36abbf41) for the adapter Aurion Security User (c5460bd3-0167-4290-a2a0-180f8632a474) failed to update for the following reasons: Aurion API error -1: User is already linked to an Employee and cannot be changed by this process,Normal

Looking at the data for this specific case, it appears the only update that needs to be sent to Aurion is Name (changing from "Matthew BISHOP" to "Matthew Bishop"). Other fields appear to be unchanged.

What do you suggest I do to debug the root cause?

0
Under review

Person update with WAMI instead of EmployeeNumber

Carol Wapshere 4 years ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 2 years ago 3

Hello Unify people. A long time ago I posted this:

https://voice.unifysolutions.net/communities/6/topics/2467-aurion-export-failed-employee_no-expected

I have now found out it is not (or no longer) a requirement of the Aurion API method EMP_UPDATE_PERS to have the employee number, and it can work with the WAMIKey, as in the following:

API_FUNCTION=EMP_UPDATE_PERS|WAMI_NO=16798|CONTACT_PHONE=02 9898 9898|WORK_MOBILE=0404 040 404

If the customer asks for an update to the Aurion connector to use the WAMI if Employee_Number is not available, can you do that?

0
Fixed

Aurion agent proxy settings don't appear to be working

Richard Green 4 years ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 4 years ago 6

Hi Gents,

Raising this ticket out of a support request from DIIS (Industry). They are looking to transition to a cloud hosted instance of Aurion, and to use a proxy server to provide a bridge between the 2.

However it appears the proxy settings for the Aurion agent are being ignored in communications.

They are on:

  • Identity Broker Service v5.2.1.0
  • Identity Broker for Aurion v5.2.0.1

They have provided the following (santitised) agent configuration:

<?xml version="1.0" encoding="utf-8"?>

<agentengine>

<agents>

<agent name="Aurion" id="9cd4a7d7-2852-40d5-afc4-089102472dc7" type="Unify.Agent.Aurion" description="
{COMMENTS REMOVED}">

<extended>

<communicator credentialsoptions="None" uri="https://api.aurion.cloud/{instance_name_removed}/production/servlet/services/ev397_aurion_ws?wsdl" ignorecertificateerrorslevel="Default" preauthenticate="false" usedefaulttimeout="false" timeout="PT55M" proxyoptions="Custom" proxyuri="http://{ PROXYIP}:8080/" proxycredentialsoptions="Default">

</communicator></extended></agent></agents></agentengine>


I've spoken with Matt, and apparently there is a known issue with version 5.2 and a fix which addresses this issue. (Not currently available on Voice).

Answer

Closing due to no response. If the patch hasn't fixed the issue, please feel free to re-open the ticket. 

0
Answered

Aurion: Could not create SSL/TLS secure channel

Daniel Walters 5 years ago in UNIFYBroker/Aurion updated by Adam van Vliet 5 years ago 3

Connection to Aurion was working yesterday. I was surprised it worked with nothing done to do with certificates since the webservice is a https address but today it's stopped working: "Change detection engine import all items for connector Aurion Employee failed with reason The request was aborted: Could not create SSL/TLS secure channel" System.Net.WebException. Does this mean a certificate needs to be installed on the Broker server? Or maybe something needs to be updated in the exe config? I googled the error but it was just alot of code samples and code fixes to resolve the issue. No description of what's really causing the error.

Answer
Adam van Vliet 5 years ago

It mysteriously started working again with no change on my side. Not sure what the issue was.

0
Answered

Aurion PersonNumber is a required field and is not present

Daniel Walters 5 years ago in UNIFYBroker/Aurion updated by Adam van Vliet 5 years ago 5

I'm not sure that this is really a product issue but raising a ticket in case this has been encountered before. I've connected to a cloud instance of Aurion. The agent Test Connection returns correctly but when I try to import on the Person or Employee connectors, I get a schema validation warning with a warning in the error log "The entity <null> (GUID) in the connector Aurion Employee failed validation 1 times for the following reasons: EmployeeNumber is a required and is not present". Same thing on the person connector but I get it for PersonNumber. The query has been scoped to one user for testing. When we run the report in the Aurion App we can see the PersonNumber in the XML. I tried turning on the trace logging in the exe config but it's not outputting any files, is this because the connection is https? It seems the report is running but either has no data at all or the key field just isn't populated. Any ideas?

Answer
Adam van Vliet 5 years ago

The sample has the mapping set.

For future reference, the mapping is required because the default schema field names (which are mapped to the export API fields) don't necessarily match the import field names.

0
Fixed

Aurion export error: Object must implement IConvertible. at System.Convert.ChangeType

When trying to export Contact_Phone_Number to Aurion I get "Other", "One or more errors occurred" reported in MIM.

The error is on the screen in the Adapter (though not in the Broker log file). I've pasted the error below.

Aurion should already be set up to allow exports to this field as the existing solution does that. I've checked the field name and mapping is the same in the Connector config file for both new and old solutions.

Broker version: 5.3.1. Revision #0

Aurion connector version: 5.3.0.0

It's trying to export a string value for two entities. The export flow rule from MIM is a direct flow and the metaverse attribute is a single-valued string.

Her's the error message from the Adapter screen:

Adapter update entities [Count:2] to adapter Aurion Personnel (549d90e8-e7df-4729-9e4c-58c73d1c98d3) failed with reason System.AggregateException: One or more errors occurred. ---> 
Unify.Product.IdentityBroker.EntitySchemaValidationException: Provided value System.Linq.Enumerable+d__14`2[Unify.Framework.DistinguishedNameValue,System.String] failed validation for type String ---> System.InvalidCastException: Object must implement IConvertible.
at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue)
at Unify.Product.IdentityBroker.DistinguishedNameGeneratorReverseTransformation.Transform(IEntity[] sourceValue)
at Unify.Framework.AggregateArrayedValueAdapter`2.<>c.b__2_0(TElement[] current, IValueAdapter`2 valueAdapter)
at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func)
at Unify.Framework.AggregateArrayedValueAdapter`2.Transform(TElement[] baseValue)
at Unify.Framework.AggregateArrayedValueAdapter`2.<>c.b__2_0(TElement[] current, IValueAdapter`2 valueAdapter)
at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func)
at Unify.Framework.AggregateArrayedValueAdapter`2.Transform(TElement[] baseValue)
at Unify.Product.IdentityBroker.Adapter.GetReverseTransformedEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.Adapter.d__112.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Unify.Product.IdentityBroker.Adapter.d__111.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Adapter.d__70.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Adapter.d__69.MoveNext() --- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass7_0`1.b__0(Task`1 t)
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass5_0`1.b__0(Task`1 t)
at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
at System.Threading.Tasks.Task.Execute() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.AdapterNotifierDecorator.d__39.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.RequestHandlers.BulkRequestEntityGroupProcessor.d__18.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.RequestHandlers.BulkRequestEntityGroupProcessor.d__12.MoveNext() ---> (Inner Exception #0) Unify.Product.IdentityBroker.EntitySchemaValidationException: Provided value System.Linq.Enumerable+d__14`2[Unify.Framework.DistinguishedNameValue,System.String] failed validation for type String ---> System.InvalidCastException: Object must implement IConvertible.
at System.Convert.ChangeType(Object value, Type conversionType, IFormatProvider provider)
at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue) --- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.EntityObjectTypeSchemaValidator`2.CreateValue(Object dataValue)
at Unify.Product.IdentityBroker.DistinguishedNameGeneratorReverseTransformation.Transform(IEntity[] sourceValue)
at Unify.Framework.AggregateArrayedValueAdapter`2.<>c.b__2_0(TElement[] current, IValueAdapter`2 valueAdapter)
at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func)
at Unify.Framework.AggregateArrayedValueAdapter`2.Transform(TElement[] baseValue)
at Unify.Framework.AggregateArrayedValueAdapter`2.<>c.b__2_0(TElement[] current, IValueAdapter`2 valueAdapter)
at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func)
at Unify.Framework.AggregateArrayedValueAdapter`2.Transform(TElement[] baseValue)
at Unify.Product.IdentityBroker.Adapter.GetReverseTransformedEntities(IEnumerable`1 entities)
at Unify.Product.IdentityBroker.Adapter.d__112.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Unify.Product.IdentityBroker.Adapter.d__111.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Adapter.d__70.MoveNext() --- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Adapter.d__69.MoveNext()<--- . Duration: 00:00:00.0156171
0
Answered

Could not load type 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility'

I'm suddenly getting the error below in a Dev environment trying to update the schema of any Aurion connector. 

It's not happening in Test and the versions are slightly different:

DEV: v5.3.1 Revision #1

TEST: v5.3.1 Revision #0

20181213,02:32:40,UNIFYBroker,Connector Engine,Error,"The schema for 'Aurion Employee Connector' connector was not updated for the following reason: System.TypeLoadException: Could not load type 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility' from assembly 'Unify.IdentityBroker.Connector.Interfaces, Version=5.3.0.0, Culture=neutral, PublicKeyToken=84b9288cb2633de4'.
   at Unify.Connectors.AurionPersonSchemaProvider.GetSchema(ISchemaProviderFactoryInformation factoryInformation)
   at Unify.Product.IdentityBroker.ConnectorEngine.SchemaProviderResult(IOperationalConnector`1 operationalConnector, Func`2 selector, IEnumerable`1 appliedFields)",Normal
20181213,03:09:21,UNIFYBroker,Logging Engine,Information,Log file started.,Minimal
20181213,03:09:21,UNIFYBroker,Connector Engine,Error,"The schema for 'Aurion Locations Connector' connector was not updated for the following reason: System.TypeLoadException: Could not load type 'Unify.Product.IdentityBroker.IEntitySchemaConfigurationUtility' from assembly 'Unify.IdentityBroker.Connector.Interfaces, Version=5.3.0.0, Culture=neutral, PublicKeyToken=84b9288cb2633de4'.
   at Unify.Connectors.AurionCustomSchemaProvider.GetSchema(ISchemaProviderFactoryInformation factoryInformation)
   at Unify.Product.IdentityBroker.ConnectorEngine.SchemaProviderResult(IOperationalConnector`1 operationalConnector, Func`2 selector, IEnumerable`1 appliedFields)",Normal
Answer

Hi Carol 

Using your install directory I was able to reproduce this issue. This cause is you using an out of date version of the connector. I was able to successfully load the schema providers by updating to the latest release of the connector.

0
Not a bug

Aurion Security User not set on export

Sean Little 5 years ago in UNIFYBroker/Aurion updated by Adam van Vliet 5 years ago 5

Hi Guys,

We seem to have uncovered a possible bug with the Aurion connector. We have 2 issues with our solution - firstly that the OsUserId on the Aurion Security User is initally populated with an incorrect value (not an IDB issue).

However, when the solution attempts to update this value with the correct value (as set n AD), it does not appear to persist in Aurion.

The export is lined up as an update, and successfully exports from the MA through IDB without error, however the value is not actually set on the Security User object within Aurion.

A subsequent delta import results in an exported-change-not-reimported error on the MA.

The environment is using IDB v5.3.1 and communicating with Aurion v11.4.6

We will also provide the version of the Aurion connector soon

Cheers

Sean/Richard.

Answer
Adam van Vliet 5 years ago

Updated the field name casing for OSUserId to OsUserId.

0
Declined

Attributes with the same name - Read-Only problem in MIM

Paul Zelenewicz 6 years ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 4 years ago 4

UNIFYBroker v5.3.1

Aurion API Connector v5.3.0

MIM 2016SP1 - 4.4.1749.0

Problem:

I have an 'Aurion Person' adapter and an 'Aurion ESS' adapter - each with an attribute called PersonNumber.

In 'Aurion Person' the attribute is read-only, in 'Aurion ESS' the attribute is not read-only.

Broker settings - Single Schema mode is false.

When I create the Aurion ESS Management Agent in MIM and attempt to setup an export attribute flow to  PersonNumber, MIM reports that the attribute is read-only.

It makes no difference if I create the ESS management agent before the Person management agent (even in a vanilla MIM database).

If I apply a rename transform to the PersonNumber in the ESS adapter I am able to setup an export attribute flow to the renamed attribute (i.e., ESSPersonNumber).

Question: 

Is it a specific requirement for Broker to maintain unique attribute names throughout different adapters? 

Answer

Closing as LDAP was providing the correct information to MIM, and no other information was provided. Feel free to re-open if the issue persists or resurfaces.