Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Aurion QueryID length
My Aurion QueryID is 16 characters long, but because we are sending a parameter/option with the queryID (i.e. my QueryID field is like: query1234567890a,XML_FILE_PATH=file.xml) I am getting the validation error message.
Import all entities from connector failed.
Import all entities from connector AurionDEVPerson failed with reason QueryId cannot exceed 16 characters
Parameter name: queryId. Duration: 00:02:06.0296668
Error details:
System.ArgumentOutOfRangeException: QueryId cannot exceed 16 characters
Parameter name: queryId
at Unify.Communicators.AurionAgent.QueryToXml(String queryId, String expectedObjectName)
at Unify.Connectors.AurionApiReadingConnector.<GetAllEntities>d__4.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at Unify.Framework.Collections.ActionOnExceptionEnumerator`1.MoveNext()
at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__10`1.MoveNext()
at Unify.Framework.Collections.EnumerableExtensions.<ProduceAutoPages>d__7`1.MoveNext()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass33_0.<Run>b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
I see from this
http://voice.unifysolutions.net/topics/326-improve-error-message-when-queryid-exceeds-maximum-length/
that this is desired/expected behaviour, but could we please either only validate that string up to the comma or add a field for any parameters that we want to append?
Just remove the XML_FILE_PATH. It's not required in Identity Broker because it can be handled by the query tool.
Aurion XML error
Setting up the Aurion connector, sending as the query ID the query name and the XML_FILE_PATH. The import all fails with error
Change detection engine import all items for connector Test failed with reason Expecting '?', '*', or '+'. Line 4, position 77.. Duration: 00:02:02.5742785in the log we get:
Import all
entities from connector failed.
Import all entities from connector AurionUser failed with reason Expecting '?',
'*', or '+'. Line 4, position 77.. Duration: 00:02:00.8921187
Error details:
System.Xml.XmlException: Expecting '?', '*', or '+'. Line 4, position 77.
That suggests to me that there is a problem with the XML, but since we are using the XML_FILE_PATH just referring to the xml file name and the query is just writing to the file with no directory, there is no physical file to look at (this is how the Aurion guys have configured it). They did export me a file to a directory. Line 4 is:
<!ELEMENT AQT_Output (First_Name, ... Preferred_Name_+_Surname, ...)>
and position 77 is just after the + in the middle of a composite full name field.
I can see no reason why "+" would cause issues as it is not one of the 5 XML reserved characters(<,>,&,",'), but I am asking the Aurion consultant to remove that field from the query.
Any ideas why it would be an issue?
Aurion account requirements
The doco just says "The name of the Security User account used to connect to the Aurion system."
the Aurion consultant has given us
"a ‘Batch Logon Only’ which means that it can only log on for batch processing and API processing (and cannot log on to Self Service or Core). It has got access to run any query and/or API that you like."
Can you tell me if the Aurion connector needs an interactive logon?
As far as I can see the batch logon user is what we are using - at the time we were having all sorts of fun and games setting up connectivity so I was checking/confirming everything. I think this can be closed off
Aurion credentials vs security user
Following the online doco https://unifysolutions.jira.com/wiki/display/IDBAUR50/Aurion+Agent for Aurion and it is a little light when it comes to the Aurion Agent and user credentials.
We have required fields Security User and password, where security user is described as The name of the Security User account used to connect to the Aurion system.
Then we have credentials:
The type of credentials used to connect to the target system.
any idea what that means? If I select custom I get the option for Account name and password - the other options are none, default, defaultcredentials and defaultnetworkcredentials, but nothing in the doc that I can see that tells me what any of those mean.
Is there a doc somewhere that tells us more about Aurion?
Hi Eddie,
These settings are for the SOAP endpoint credentials and can most likely be ignored (left as None). I've made a note to improve the documentation.
Aurion export failed "EMPLOYEE_NO expected"
I am trying to export Fax_Number to an Aurion Person connector.
There are two connectors for Person and Employee. The Person connector is the primary one that links through to the Adapter; the Employee connector is joined via the Adapter.
The schema of the Person connector (as I've implemented it) is as follows:
- PersonNumber (Person_Number)
- ContactPhoneNo (Contact_Phone_Number)
- FaxNo (Fax_Number)
- GivenNames (Given_Names)
- PreferredName (Preferred_Name)
- Surname (Surname)
I did not include EmployeeNumber as I didn't think it was relevant to Person so that's probably my mistake - I can see it's listed in the Default Schema Provider. So firstly - do I ask the customer to add that to the Aurion query?
And next - do I map it to "EMPLOYEE_NO"?
As a doco suggestion it would help if the schema was listed in the doco along with which fields are required.
Sorted out by adding Employee_Number to the Person connector's Aurion query. Initially I was not getting the data because I used the name Employee_No (as specified by that error message) but actually the query uses Employee_Number. Thanks to Ryan for suggesting I run the report directly in Aurion and inspect the resulting XML file.
Now that Employee_Number is populated in the Person connector my test export to Fax_Number has succeeded.
Cannot change Queue On Blocked through UI
I could not find a way to change the Queue on Blocked setting of the Aurion v5 connectors through the UI and had to do it in the XML.
Thanks Carol, this has already been fixed and is just awaiting release.
Aurion Security User update - USER_MATCH_VALUE expected
IdB 5.0.4, Aurion Connector v5
The Aurion Security User Import worked perfectly. I am now trying to export changes in the Status value back to Aurion and I get the error "USER_MATCH_VALUE expected" reported as an export error back to the MIM Sync service. There is nothing in the IdB logs (on Verbose setting - I haven't tried Diagnostic).
It sort of sounds like maybe the User_Id value is not being sent to Aurion along with the update - however User_Id is populated in the connector, and it came from the connector import, so is definitely what Aurion has.
Exports were working in the IdB 3 solution. Does v5 do something different? Is there anything that has to be changed in Aurion to support updates?
Hi Carol,
It's referring to the missing user id, which is the user field for the security user connector. This hasn't changed in v5.0. Try adding a new connector and running the schema provider again to see the correct list of fields.
Thanks.
Distinguished Name Generator using key in dn instead of input value
DN being generated inlcudes the users own key, instead of managers:
CN=00069,OU=AurionPerson,DC=Identity Broker
instead of:
CN=00203,OU=AurionPerson,DC=Identity Broker
I expect the Input value to become the key, as it's no longer selectable in the dropdown attribute list. How do I configure this so that the SupervisorWAMI is in the DN?
Attributes:
* SupervisorWAMI: 00203
* Key: 00069
Config:
* Input: SupervisorWAMI
* target: SupervisorDN
* Single Valued: Checked
* Skip Missing: Checked
* DN Template:
- Adapter: Aurion Person
- CN = @Key
Hi Matt,
You should be able to configure the DN template as CN = [SupervisorWAMI].
Join with Priority on Date field is picking the older entry
I have multiple Aurion Employee records for each Aurion Person. I joined on the Person Number and then selected Priority and the Date_Commenced field (which is a Date data type in the connector schema). Based on the comment in the UI saying the highest value is picked I expected the record with the latest Date_Commenced to be joined, however it picked the older record. Is this how it's supposed to work? It seems wrong to me.
I have switched to using a status field and telling it to prioritise 'ACTIVE' - however I've been told that status is manually managed in Aurion so had thought the Date_Commenced filed would be a safer option.
No, the use cases have always required it the other way. The recent selection is the only one that prioritises closest to the window. If you'd like me to add this to the backlog please let me know. In the meantime check to see what other implementations are doing and/or do the selection in the solution.
Thanks.
Connector description not saved
I set a Description value on two new Aurion connectors (IdB 5.0.4) during creation but the Comment still says "A comment has not been provided". I have edited the connectors again to set the Description but still have nothing in Comment.
As well as it not being saved it would be good if the same terminology could be used in setting and viewing - either Description or Comment.
Customer support service by UserEcho