Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Connector IdB UI failure during Induction for 4.1
While completing the Induction project using IdB 4.1 All connectors are broken in the IdB web UI. giving errors like below.
When following the instructions on https://unifysolutions.jira.com/wiki/display/PRDGRP/Setting+up+VirtualMachine2+-+IdentityBroker%2C+FIM+and+ActiveDirectory regarding copying the and upgrading the config files attached to the article. The upgrade process caused this exception in the UI.
The question is: Is this a config issue only and will not occur for a client under normal scenarios? or Is there improvements required within the UI code.
System.ArgumentException: Missing gtrForm attribute in <Extended>
<image>iVBORw.....SuQmCC</image>
<communicator logActive="True" gtrForm="det" gtrName="FRONTIER" gtrPassword="A" gtrAllowHttp="True" gtrShowTranslations="True" gtrListRequest="All" gtrChunkSize="1000" gtrEaiFile="EMDET" gtrEaiKey="Number" httpUri="http://192.168.16.20/Scalable/c21connect.asp" encoding="UTF-8" contentType="application/x-www-form-urlencoded" />
</Extended>
at Unify.Framework.XElementExtensions.AttributeValueModify(XElement sourceElement, XName attributeName, Action`1 modifyAttribute) in c:\TeamCity\buildAgent\work\aad7920828b5b314\Source\Xml\Unify.Framework.Xml\XElementExtensions.AttributeValues.cs:line 31
at Unify.Product.IdentityBroker.Chris21ConnectorInformationFactory.CreateComponent(XElement communicatorElement)
at Unify.Connect.Web.Chris21ConnectorController.Display(DisplayConnectorInformation displayInformation)
at lambda_method(Closure , ControllerBase , Object[] )
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.<>c_DisplayClass15.<InvokeActionMethodWithFilters>b_12()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
Unify.Product.IdentityBroker.ConnectorEnginePlugInKey.extensibility.config.xml
Default url encoding might be wrong
Default encoding in the base http communicator does not match the default encoding coming from chris21.
chris21 can be changed to output UTF-8 (the default behaviour of the communicator), but this is not a robust long term solution.
UFCORE-56 will add the ability for the response encoding type to be changed, but the default will be UTF-8 (current behaviour). Identity Broker for Frontier chris21 should have it's use of the communicator information changed to default to UTF-7.
Example data (Célia outputs as C?lia):
detg1name1=%22C%E9lia%22
Identity Broker for Frontier chris21 - ability to use SSL with certificate that doesn't match endpoint address
CloudBroker requires the following:
- SSL on all communication
IDBCHRS will fail if the end-point address (a public DNS entry) is different to the certificate supplied by the IIS end-point, something that is entirely likely to happen if a customer cannot use their NAT to set up SSL and terminate at that address. For example:
IDBCHRS is set to connect to unify-demo-idbchrslite-1-chrs.cloudapp.net, however the AD certificate is issued by the domain CA which makes the certificate idbpc21-chrs.demo.unifysolutions.net.
The chris21 connector should permit the certificate to be determined by a name in the our configuration. The certificate must still be valid against the local machine certificate store.
Specified argument was out of the range of valid values. attributeValue
Runnning full import. Error below thrown.
20130301,02:06:36,UNIFY Identity Broker,Adapter,Warning,"Adapter import all entities for adapter failed. Adapter import all entities for adapter 6e91a985-feb0-4d17-9ed9-191d9cd85c86 failed with reason Specified argument was out of the range of valid values. Parameter name: attributeValue. Duration: 00:00:18.1931715 Error details: System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values. Parameter name: attributeValue at Unify.Framework.IO.DistinguishedNameComponent..ctor(DNAttributeType attributeType, String attributeValue) at Unify.Product.IdentityBroker.EntityFieldValueDistinguishedNameComponentGenerator`2.Transform(TEntity sourceValue) at Unify.Product.IdentityBroker.EntityDistinguishedNameGenerator`2.<>c__DisplayClass7.<Transform>b__6(IEntityDistinguishedNameComponentGenerator`2 factory) at System.Linq.Enumerable.<>c__DisplayClass12`3.<CombineSelectors>b__11(TSource x) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at Unify.Product.IdentityBroker.EntityDistinguishedNameGenerator`2.GetDistinguishedName(Func`2 componentRetrieval) at Unify.Product.IdentityBroker.EntityDistinguishedNameGenerator`2.Transform(TEntity sourceValue) at Unify.Product.IdentityBroker.DistinguishedNameAttributeMapper.MapAttributeValues(IEntity leftSideEntity, IEntity rightSideEntity) at Unify.Product.IdentityBroker.ComposedDNAttributeMapper.MapAttributeValues(IEntity leftSideEntity, IEntity rightSideEntity) at Unify.Product.IdentityBroker.EntityDistinguishedNameStaticRelationValueAdapterBase.TransformEntity(IEntity baseValue, ILookup`2 lookupResults) at Unify.Product.IdentityBroker.EntityDistinguishedNameStaticRelationValueAdapterBase.<>c__DisplayClass7.<Transform>b__3(IEntity item) at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at Unify.Product.IdentityBroker.EntityDistinguishedNameTimeRelationalValueAdapterBase`1.Transform(IEnumerable`1 sourceValue) at Unify.Framework.AggregateValueAdapter`1.<Transform>b__0(T current, IValueAdapter`2 valueAdapter) at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func) at Unify.Framework.AggregateValueAdapter`1.Transform(T baseValue) at System.Linq.Enumerable.<>c__DisplayClass12`3.<CombineSelectors>b__11(TSource x) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__17`1.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__17`1.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Unify.Framework.Collections.ActionOnExceptionEnumerator`1.MoveNext() at Unify.Framework.Collections.EnumerableExtensions.<ActionOnLast>d__17`1.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at System.Linq.Enumerable.<ConcatIterator>d__71`1.MoveNext() at Unify.Framework.IO.LDIFComponentFileGenerator`1.GenerateFile(TextWriter writer, IEnumerable`1 entries) at Unify.Product.IdentityBroker.LDIFAdapterBase.<>c__DisplayClass14`1.<CreateLDIFComponentStream>b__13(Stream stream) at Unify.Framework.IO.LazyEvaluationStream.Evaluate(Object obj)",Normal
Identity Broker for chris21, how to configure the connector configuration for attribute containing binary data (photo), validator="binary"
Tatts Group wishes to flow binary data (photo) from chris21 into Identity Broker for chrs21 then to ILM 2007 and finally to an attribute in AD.
For Identity Broker for chris21, how to configure the connector configuration for attribute containing binary data (photo). Is there a validator="binary" for the entitySchema field?
We need to know this so that we can advice whether we can offer this as part of Tatts Group solution extension or not.
Note: Currently we do not know which form and field that will hold this binary photo data.
To add images to CHRIS21.doc
ArgumentNullException
The following error was displayed when creating an IDB Agent for Chris 21 without specifying a "Chris 21 Username" or "Chris 21 Password"
Error System.ArgumentNullException: Value cannot be null. Parameter name: value at System.Xml.Linq.XAttribute..ctor(XName name, Object value) at Unify.Product.IdentityBroker.Chris21AgentInformationAdapter.Transform(IChris21AgentInformation sourceValue) at Unify.Product.IdentityBroker.Chris21AgentInformationExtensions.TransformConfiguration(IChris21AgentInformation agent, ILogCommunicatorInformation logCommunicator, IHttpCommunicatorInformation httpCommunicator, Chris21AgentInformationAdapter agentInformationAdapter, LogCommunicatorInformationAdapter logCommunicatorInformationAdapter, HttpCommunicatorInformationAdapter httpCommunicatorInformationAdapter) at Unify.Connect.Web.Chris21AgentController.Serialize(Chris21AgentViewInformation viewInformation) at Unify.Connect.Web.Chris21AgentController.CreateOrEdit(Chris21AgentViewInformation viewInformation) at lambda_method(Closure , ControllerBase , Object[] ) at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
Either Chris21AgentInformationAdapter shouldn't require the username/password, or the fields should be made required.
Investigate more efficient retrieval from and clearing of EAI table
At SSICT, a large initial export of 52000 updates to the DET table caused the EAI changes table to contain a similar amount of changes. This resulted in the Import Changes operation for the connector taking 9-10 hours to execute, and the EAI table for the DET form was not cleared. It was worked around by forcing a deletion of the CHEAI file following the initial load exercise. Investigate any improvements that can be made to this interface for environments where extremely large numbers of changes can take place.
Further investigation of chris21 change detection mechanisms
As part of IDBCHRS-34, the change detection mechanism has been updated such that the user will not be required to select the relevant "EAI Type" field, as this is believed to be too advanced for the goals of Identity Broker v4.0 (in particular, the "Parts" type). These require the user to have full understanding of how chris21 is sending its data back to Identity Broker, down to the position in the string returned, and be able to interpret the result in full.
The mechanism has been updated such that a large majority of forms are completely covered by the changes. However, some forms return change data which cannot be directly mapped back to a chris21 request, such as the ALW form:
cbr="eailst",gw_transactionid="186",eaiidentity="12051411062278000023200000000",eaifile="EMALW",eaichange="A",eaikeydata="OK1006 .79496PAATF00",eaiempno="OK1006",eaiempdate,eailogonid,updatetag="FRONTIER;20514110622",accesslevel="delete",status="ok"
The key for the form is made of 5 components, but things can be of varying lengths. Compare the above key data with:
eaikeydata="101137.79372EABT00"
eaikeydata="100500008790PON_P00"
Under the old mechanism, the user would need to add a Parts type and manually enter the position of the second key in the string in order to use EAI.
Given this complexity, investigate the success of the current changes to change detection for user requirements, further investigate the wrapping of these keys, and also consider alternate change mechanisms to overcome this apparent limitation (such as seeing the impact "Changes enabled" has on file tables).
A dictionary has been added for additional handling of specific forms in the future. Specific forms should be investigated and added to the dictionary.
Performing "Synchronise Import" on the Unify Termination connector for re-instating employee result in error in the Identity Broker log
AHG
When re-instate (changed from terminated to non-terminated) an employee in chris21, and attempted to perform a "Synchronise Import" on the Unify Termination Connector, the error below occurred.
Starting deletion of chris21 GTR EAI change files.",Verbose 20101221,05:58:17,chris21 GTR EAI Communicator,Poll,Information,Completed successfully after [00:00:01.3281250] duration.,Verbose 20101221,05:58:17,Request to get changes from connector.,Connector,Information,Request to get changes from connector Chris21 Termination Connector.,Normal 20101221,05:58:17,Get changes from connector completed.,Connector,Information,Get changes from connector Chris21 Termination Connector reported 1 changes. Duration: 00:00:00,Normal 20101221,05:58:17,Chris21 Termination Connector,GetEntities,Information,Started successfully.,Verbose 20101221,05:58:17,Request to get changes from connector.,Connector,Information,Request to get changes from connector Chris21 Termination Connector.,Normal 20101221,05:58:17,Get changes from connector completed.,Connector,Information,Get changes from connector Chris21 Termination Connector reported 1 changes. Duration: 00:00:00,Normal 20101221,05:58:17,Request to get changes from connector.,Connector,Information,Request to get changes from connector Chris21 Termination Connector.,Normal 20101221,05:58:17,Chris21 Termination Connector,GetEntity,Information,Started successfully.,Verbose 20101221,05:58:17,chris21 GTR EAI Communicator,Get,Information,Started successfully.,Verbose 20101221,05:58:18,chris21 GTR EAI Communicator,Get,Error,"Exception occured after [00:00:00.9843750] duration. System.IO.InvalidDataException: GTR result has an invalid status=""fail"" attribute. Chris21 GTR returned no additional error messages. at Unify.Framework.Chris21GtrWorker.CheckStatusAttribute(IChris21GtrCommandLine chris21GtrCommandLine) at Unify.Framework.Chris21GtrWorker.CheckGetResult(IChris21GtrRecord record) at Unify.Communicators.Chris21GtrCommunicatorBase.Get(IChris21GtrEntityKey entityKey)",Verbose 20101221,05:58:18,Chris21 Termination Connector,GetEntity,Error,"Exception occured after [00:00:00.9843750] duration. System.IO.InvalidDataException: GTR result has an invalid status=""fail"" attribute. Chris21 GTR returned no additional error messages. at Unify.Framework.Chris21GtrWorker.CheckStatusAttribute(IChris21GtrCommandLine chris21GtrCommandLine) at Unify.Framework.Chris21GtrWorker.CheckGetResult(IChris21GtrRecord record) at Unify.Communicators.Chris21GtrCommunicatorBase.Get(IChris21GtrEntityKey entityKey) at Unify.Connectors.Chris21GtrConnectorBase`1.GetEntity(MultiKeyValue entityId)",Verbose 20101221,05:58:18,Chris21 Termination Connector,GetEntities,Error,"Exception occured after [00:00:00.9843750] duration. System.IO.InvalidDataException: GTR result has an invalid status=""fail"" attribute. Chris21 GTR returned no additional error messages. at Unify.Framework.Chris21GtrWorker.CheckStatusAttribute(IChris21GtrCommandLine chris21GtrCommandLine) at Unify.Framework.Chris21GtrWorker.CheckGetResult(IChris21GtrRecord record) at Unify.Communicators.Chris21GtrCommunicatorBase.Get(IChris21GtrEntityKey entityKey) at Unify.Connectors.Chris21GtrConnectorBase`1.GetEntity(MultiKeyValue entityId) at Unify.Connectors.Chris21GtrConnectorBase`1.<GetEntities>b__4(MultiKeyValue entityId) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at Unify.Connectors.Chris21GtrConnectorBase`1.GetEntities(IEnumerable`1 entityIds)",Verbose
Note: It is seems that if performing the "Synchronise Import" on the Unify Person connector first followed by "Synchronise Import" on the Unify Termination connector the error does not occur.
The error seems to occur when re-instating of an employee, but not when terminating an employee in chris21.
Please see attached Identit Broker log file a more complete log information.
Identity Broker not reading employee company code on some accounts
On some employee records in Chris21, Identity Broker cannot read the PDTORG1CD field for an enployee. This field is the "Company Code"
This issue has been around for some time and sometimes seems to resolve itself.
One example that we can see right now is an employee named Dianne Humphreys.
In Chris21 she has a Company code of MAA in the PDTORG1CD field.
When doing and Adapter Entity Search on the Chris21 GTR Person adapter via the Unify Management Studio, I cannot see any value in the PDTORG1CD field for that user.
Customer support service by UserEcho