Identity Broker Forum


+1
Fixed

MIM Adapter Error if no IDB Adapters Enabled

Tested Against: Identity Broker v5.3

Currently if you have no adapters enabled in IDB, and you attempt to create an MA in MIM using the MIM Adapter ECMA2, you get the following error:

The extensible extension returned an unsupported error.
  
The stack trace is:
 "System.InvalidOperationException: Sequence contains no elements
   at System.Linq.Enumerable.Aggregate[TSource](IEnumerable`1 source, Func`3 func)
   at Unify.Product.IdentityBroker.LdapConnectionProxy.get_Schema()
   at Unify.Product.IdentityBroker.UnifyLdapConnectorTypeProxy.GetSchema(KeyedCollection`2 configParameters)
Forefront Identity Manager 4.4.1302.0"

It would be good if the error could either be reported in a more logical way (i.e. inform that there are no adapters enabled, and therefore no OUs to load), or simply allow the creation process to continue and the user will realise there are no adapters enabled in a subsequent step.


The error also occurs if you have adapters which are enabled with valid schema, but inhibited due to a condition with the base connector. 

Answer

Fixed, will be in next release

0
Not a bug

MIM Connectivity Bug

I'm getting this error when I try to create an MA connecting to UNIFYBroker. I'm using MIM SP1 v4.4.1237.0.


I've just installed UnifyBroker v5.3.1 and then Identity Broker for FIM v5.0.4. I created SQL connectors and an adapter and created the LDAP User. I changed the port it uses to 8888. I copied the .dll into the FIM Extensions directory, selected extensible connectivity 2.0 and selected the .dll and the refresh interfaces works but on the next page, trying to auth with IdB I get the above error. There's nothing in event viewer. I get the same error if I enter the wrong credentials but a different error if I enter the wrong port. I also tried 127.0.0.1 instead of localhost and got the same error. I also tried port 59991 in case I should be connecting to the web service and got the same error.

0
Answered

Trigger event on delete from source

We are currently working with a datasource (via Broker to MIM) which only shows active users - there is no end-date field for us to trigger events on termination.

Is there a way to capture the record delete event in Broker and create an action based on that (i.e., write some field about the record to a log file, etc.)?

Thanks.

Answer

Hey Paul,

As discussed, a potential solution would be to hook up a new MA, that connects to the same UNIFYBroker Adapter. You could then configure this MA to remove its Connector Space objects when they are removed from the adapter, and join to your existing metaverse object. That way you have a record of who has been terminated and who hasn't - if they're terminated they'll exist in one MA, and if not terminated they'll exist in both.

You should be able to use this and a combination of some other logic to trigger your notifications and other requirements.

Let us know how it goes. As mentioned, I wouldn't recommend relying on the changelog table as a source of truth as the format could potentially change in future versions and it's not directly supported as a data source so we can't guarantee the integrity of the data.

0
Not a bug

Container not imported - completed-no-objects

Carol Wapshere 1 year ago in UNIFYBroker/Microsoft Identity Manager • updated 1 year ago 4

I need to import the container from an empty adapter, but MIM is returning completed-no-objects and the container is not imported.

I have found another couple of Voice issues about this but both indicate the problem should already be fixed. I'm on IdB v5.2.1.

Answer

I've updated the page that I linked, there are a few things that need to be checked, see https://voice.unifysolutions.net/knowledge-bases/7/articles/3364-identity-broker-for-microsoft-identity-manager-configuration for details. I.e. importing the container object type; and also at least one attribute on that object type.

0
Answered

Does IdB v5.2 support Windows 2016

Rizwan Ahmed 1 year ago in UNIFYBroker/Microsoft Identity Manager • updated 1 year ago 2

The best I could find was the link below;

https://voice.unifysolutions.net/knowledge-bases/7/articles/2920-identity-broker-installation-prerequisites

which does mention Windows 2008 SP1 or later, but the client’s question is specific to Windows 2016 testing and certification. To be honest I believe what they really mean is, are the following products tested to be supporting Windows 2016 by UNIFY. Or should they get the new server build on Windows 2012 2012 R2 64bit?

  • UNIFY Identity Broker Service v5.2.1.0 RTM x64
  • UNIFY Identity Broker for Microsoft Identity Manager v5.1.0 RTM
  • UNIFY Identity Broker for Aurion v5.2.0 RC1

Thank You.

Answer

Hi Rizwan,

Identity Broker has been tested against all versions of Windows from 2008 SP1 and onwards, with most testing against 2016. I'll look at updating the page so that it's a little more clear.

If the client was actually referring to Microsoft certification, then no; the certification program is not available at the moment as it's being reworked.

Thanks.

0
Answered

Client Upgrade to .Net 4.6 cause MA to Fail

Hi,

I'm investigating an ACTGOV incident (Ivanti Incident 50255) and they have run into issues testing an upgrade to .Net 4.6 on an existing installation in their TEST environment. 

The description from ACTGOV is as follows:

Hi,

We would like to upgrade .net on our Education FIM server to 4.6 but we found that when we do so in our test environment that our Maze MAs stop working.  In the event log we get the error message:


Given the MA refuses to even start the problem appears to be Unify.Framework.ILM2007FP1Adapter.dll.  Are you able to provide an updated version of this DLL that has been compiled with .net 4.6?

The version we currently have is 3.0.1.1 with a time stamp of 9/7/2013.

Cheers,

I was hoping you may be able to assist with a copy of the dll able to run with .Net 4.6 or what the action for remediation on this issue is.

Below are also the software versions the client has:

  • FIM 2010 Sync Engine
  • FIM Service Portal and SSPR
  • Identity Broker for FIM 4
  • Identity Broker for CISCO 4
  • Identity Broker for viewDS
  • Identity Broker for Sharepoint 4

Let me know if you need any more details.

Thank you,

Hayden Gray

Answer

I'm not sure why that would cause the MA to fail, the Windows Event Log might have more information. However, if you're targeting Identity Broker v4+ you should be using the matching MA dll (not v3). If you're still on v3, you should upgrade to v4+ as it's no longer supported (extended support can be arranged, see https://voice.unifysolutions.net/knowledge-bases/7/articles/3321-identity-broker-support-policy).

0
Answered

Deletion of partition "DC=IdentityBroker"

Carol Wapshere 2 years ago in UNIFYBroker/Microsoft Identity Manager • updated by Curtis Lusmore 2 years ago 1

I have installed IdB 5.2.0.1 on a new Dev server and migrated the config from Production, which has IdB 5.0.4. I created the LDAP gateway and got the MA imported - however when I tried to make any changes to the MA I got a warning that it was going to delete the partitions "DC=IdentityBroker" (previously selected) and "cn=schema" (previously un-selected).

After backing up the MA I let it delete the partitions, and so far everything looks fine - I can run a Full Import and data was imported from the adapters.

So this is just a sanity check - was letting MIM delete that partition from the MA the right thing to do?

Answer
Curtis Lusmore 2 years ago

Hi Carol,

We changed the way the MIM MA retrieves partitions. It previously used the entries defined in the naming context of the root DSE, but it now uses the OUs underneath DC=IdentityBroker. This was to prevent using DC=IdentityBroker as a partition, as importing from DC=IdentityBroker involves querying multiple adapters and this proved problematic.

I don't believe that the deletion of those partitions should affect your solution, but if you do notice any problems please update this ticket.

0
Fixed

Value bp is not a valid hexadecimal number

Matthew Woolnough 2 years ago in UNIFYBroker/Microsoft Identity Manager • updated by anonymous 2 years ago 5

Running a Delta import and Delta Sync from IdB Sharepoint connector and get the error below. Ran a Full Import and Full Synchronization & the error did not occur.  Ran a Delta import and Delta Sync again and error does not occur.

Not sure if I'll be able to replicate again, but raising regardless.


The extensible extension returned an unsupported error.
 The stack trace is:
 
 "System.ArgumentException: Value bp is not a valid hexadecimal number.
Parameter name: sourceValue
   at Unify.Framework.IO.DNComponentAttributeValueParserAdapter.Transform(String sourceValue)
   at Unify.Framework.IO.DistinguishedNameComponent.CreateDNComponent(String dnComponentString)
   at Unify.Framework.IO.DistinguishedNameConversionFromString.CreateDistinguishedName()
   at Unify.Product.IdentityBroker.ImportProxy.GetContainerName(String dn)
   at Unify.Product.IdentityBroker.ImportProxy.TryGetObjectClass(String dn, String& objectClass)
   at Unify.Product.IdentityBroker.ImportProxy.<EntryToDeltas>d__25.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__16`2.MoveNext()
   at System.Linq.Enumerable.<SelectManyIterator>d__16`2.MoveNext()
   at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
   at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__3`1.MoveNext()
   at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
   at Unify.Product.IdentityBroker.UnifyLdapConnectorTypeProxy.GetImportEntries(GetImportEntriesRunStep importRunStep)
   at Unify.Product.IdentityBroker.UnifyLdapConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.4.1459.0"


Answer
anonymous 2 years ago

Hi Matt,

Thanks for raising this. This looks to be the same issue as DN Creation not escaping LDAP Reserved Characters. I've created a new build of the Identity Broker for Microsoft Identity Manager management agent which includes the fix from there, attached here: Unify.IdentityBroker.FIMAdapter.dll. Please update the DLL in the FIM Extensions directory and re-attempt the import.
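
One way an error of this shape arises, shown as an added example (not UNIFY's code and not part of the thread): a raw value containing a backslash is placed into a DN unescaped, so an RFC 4514 parser reads the next two characters as a hex pair. The login name `CORP\bpeters` and all function names here are constructed for illustration.

```python
# Added example: RFC 4514 value escaping when building a DN.
ESCAPE_ANYWHERE = '"+,;<>\\'   # always escaped inside an RDN value
SPECIALS = ' "#+,;<=>\\'       # characters that may follow a backslash
HEX = "0123456789abcdefABCDEF"
RAW = "CORP\\bpeters"          # constructed sample login name (DOMAIN\user)


def escape_dn_value(value):
    """Escape a raw attribute value for use inside an RDN."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        elif ch in ESCAPE_ANYWHERE or edge:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def unescape_dn_value(text):
    """Parse an RDN value: a backslash must precede a special or a hex pair."""
    out = bytearray()
    i = 0
    while i < len(text):
        nxt, pair = text[i + 1:i + 2], text[i + 1:i + 3]
        if text[i] != "\\":
            out += text[i].encode("utf-8")
            i += 1
        elif nxt and nxt in SPECIALS:
            out += nxt.encode("utf-8")
            i += 2
        elif len(pair) == 2 and all(c in HEX for c in pair):
            out.append(int(pair, 16))
            i += 3
        else:
            raise ValueError(f"Value {pair} is not a valid hexadecimal number")
    return out.decode("utf-8")


def parse_error(text):
    """Return the parser's error message for text, or None if it parses."""
    try:
        unescape_dn_value(text)
    except ValueError as exc:
        return str(exc)
    return None
```

Calling `parse_error(RAW)` reproduces the message from the stack trace, while `parse_error(escape_dn_value(RAW))` returns `None` because the backslash is doubled before the value enters the DN.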

0
Answered

PowerShell Transformation: Required Attribute

Matthew Woolnough 2 years ago in UNIFYBroker/Microsoft Identity Manager • updated by anonymous 2 years ago 1

I want to use an attribute created in a PowerShell transformation in the DN, but am getting a "field not required" error.  How can I configure this new attribute as required?

Answer
anonymous 2 years ago

Hi Matt,

Good question. Currently there is no way to mark fields added via a PowerShell transformation as Required, but this is something we could look at adding support for. Please note though that since you can't supply values in Add/Modify requests from an Identity Management platform for these fields (no way to reverse a PowerShell transformation), putting such a field in the Distinguished Name template would effectively block you from provisioning into that adapter.

0
Answered

Error enabling TLS from Management Agent

Richard Green 2 years ago in UNIFYBroker/Microsoft Identity Manager • updated by anonymous 2 years ago 15

Hi Gents,

I'm configuring my IDB management agents, and I've noticed the following error being thrown when I try to enable TLS:


I have created a self signed cert and configured it within the interface.

For reference, I used the following command to create my cert:

New-SelfSignedCertificate -Type Custom -Provider "Microsoft RSA SChannel Cryptographic Provider" -Subject "CN=Unify.IdentityBroker" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(5)

Answer
anonymous 2 years ago

Please try Unify.IdentityBroker.FIMAdapter.dll and let me know how it goes.