Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Individual Scheduler Pausing
Currently to pause a schedule for an connector you have to either disable the connector or delete the schedule for that connector.
Sometimes you want to stop the schedule for one specific connector, but still be able to run the connector. Would it be possible to add in a pause option for individual schedules per connector rather than the overall schedule?
Port UNIFYBroker Azure O/S Platform
It is becoming an impediment to future UNIFY* opportunities, particularly in the hosted solution space, that UNIFYBroker runs only on the Windows Server O/S. If porting it to run natively on Azure would significantly reduce the current hosting impediments, while at the same time retain the natural partitioning between sites that comes from hosting the service within a VM, this would be of significant benefit to all parties from Sales to Implementation. It would also make the idea of having Broker 3rd-party configurable more of a possibility.
Capability currently provided through the UNIFYConnect service offering. Can be provided for demos or poc's as necessary.
Further improvements will be provided in a future release of the product (version 6.0)
Identity Broker dashboard enhancements
In doing development I found myself continually jumping between IDB Connector and Adapter pages to look at high level statistics such as polling object counts and pending changes on a few adapters - this can result in having half a dozen tabs open for this purpose.
As an enhancement it would be nice if the IDB Dashboard displayed some more high level statistics such as last run time/status, object counts and pending changes (for adapters) to get a more complete view of the system state.
This is definitely something that will be considered if/when we do the UI rewrite.
Add support for integration external Workflow/Ticketing systems
Add support for integration external Workflow/Ticketing systems
Clarification of the Register-Contribution function
Hi,
Just seeking some clarification about how the "Register-Contribution" functions on PowerShell Schema transformations and what scenarios this applies to.
For example, if I have 2 fields Field1 and Field2 and apply the function like: "Register-Contribution Field1 Field2". Does this mean that a change to Field1 will trigger reprocessing changes of any transformations for Field2?
Also, would I be correct in assuming that this can be used to help process Time Offset Flag transformations where there may not necessarily be a change to retrigger evaluation of the flag?
Thanks,
Liam
Hey Liam,
There's a good explanation on this ticket which might help: https://unifyvoice.userecho.com/communities/6/topics/5330-time-offset-flag-not-re-evaluated-when-current-time-passes-source-field-timestamp
But essentially Field1 is a field you're creating with your powershell schema, and Field2 is an existing field which is used in calculating the result of Field1. You can call Register-Contribution multiple times on the same field, if more than one field contributes to it (see the detail at the bottom of this response)
The main use case for this is to allow automatic change detection through powershell transformations. Prior to this feature, the Broker change detection engine didn't know what the powershell script was doing - which fields were being used, and which fields were being output. Therefore, it had no way of knowing whether a change for a field should result in a change for another field.
So if you're using time offset flag transformations, where the input to your transformation is the result of a powershell script, then yes - this feature is the main use case. If you're using a time offset flag transformation with normal field mappings, then this transformation should already generate future dated changes for reprocessing even if there's no other adapter changes to trigger this.
It was something added as a patch in 5.3, and we've yet to do a documentation pass to add updated doco for it (we've got a draft ready for 6.0)
Some more technical detail on the contribution specifically which might help:
The signature of Register-Contributionis:
Register-Contribution -fieldName <string> -contributingField <string>
where fieldName is the name of the new field created with New-Field, and contributingField is the name of a pre-existing field that contributes to the new field in some way. This can be called multiple times for new fields that are contributed to from multiple pre-existing fields.
For example:
New-Field 'convertedValue' 'int'; New-Field 'joinedTS' 'timestamp'; Register-Contribution 'convertedValue' 'origValue'; Register-Contribution 'joinedTS' 'date'; Register-Contribution 'joinedTS' 'time';
Note that for most, normal usage of the PowerShell conenctor it won't be necessary to register field contributions. Time Offset Flag and Business Day Offset Flag transformations which use generated fields are the main reason why this would be needed.
Error When Creating or Editing Multivalued Group Transformation on Adapter
I get the following error either when creating a new multivalued group transform or when editing one that already exists. It occurs after you hit save on the Pick Connector screen.
Where does the HPRM connector source its schema from?
Hi Team,
We are currently experiencing an issue with a HPRM Associations Connector where by the schema has seemingly updated automatically and changed the Key attribute's (Uri) required value to 'false'. It also seems the field is locked (see in the below image) so it cannot be manually overridden to put the connector back in a working state.
This then, as a result, breaks the corresponding Adapter as the Uri field is used as a part of the DN. Broker provides the following error in the logs:
"
An error has occurred: Error in adapter HPRM Associations distinguished name configuration: The DN component part 'CN=[Uri]' could not be executed as the field Uri is not required. An empty field would result in a DN of 'CN='.
full error:
System.Exception: Swagger Exception could not be parsed. SE response code: 500; SE response text: {"Message":"An error has occurred.","ExceptionMessage":"Error in adapter HPRM Associations distinguished name configuration: The DN component part 'CN=[Uri]' could not be executed as the field Uri is not required. An empty field would result in a DN of 'CN='.","ExceptionType":"Unify.Framework.UnifyConfigurationException","StackTrace":" at Unify.Product.IdentityBroker.AdapterEngine.ValidateAdapterForEnabling....
"
Checking the UAT environment, I can see that the HPRM Associations connector still has the Uri field's required value set to true.
I can see the fix for this particular issue would be fix the source for wherever the schema is being drawn from. So I'm looking to see if you could tell me where the Connector is getting the schema from. In addition as it seemly committed a modification to the schema from the source without a user committing it through the GUI, would you be able to elaborate on when the connector commits changes to the schema?
Thanks in advance
Support for multi-valued attribute in the SCIM gateway
I am looking into getting multi-role support for Azure App Provisioning with UNIFYBroker following the process described on this page: https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes#provisioning-a-role-to-a-scim-app
Specifically, I’m using the ‘AppRoleAssignmentsComplex’ case, because some customers need the multi-role scenario (i.e. users can be assigned to multiple roles for the same app).
To make this work Azure needs to use a SCIM attribute that supports multi-values (see ‘Example output’ for a non-normative example).
Are there any multi-valued attributes in the current UNIFYBroker SCIM gateway implementation that I can use for this?
If not then is it possible to implement one using the current SCIM library, or will it only be possible once the SCIM gateway is ported across to a different DLL?
Controller Unify.Product.IdentityBroker.Chris21ConnectorController errored on action UpdateConnector with the following reason: Model state invalid for: connectorInformation.Extended.EaiFlagDeleteAttribute: The EaiFlagDeleteAttribute field is required.
When updating the Name configuration of a Chris21 connector, the following error appears:
An error has occurred: Controller Unify.Product.IdentityBroker.Chris21ConnectorController errored on action UpdateConnector with the following reason: Model state invalid for: connectorInformation.Extended.EaiFlagDeleteAttribute: The EaiFlagDeleteAttribute field is required.
This is the latest version of everything (UNIFYConnect 'demo.local' environment).
Cannot compare dissimilar column types uuid and bigint at record column 1
All my UNIFYConnect adapters are showing the following error in the log, and all the Pending Changes are stuck in the adapter:
This is happening on the Netwealth UNIFYConnect instance.
Could you please investigate and fix or let me know what I've done wrong?
Patch attached for future reference, should go in the /Services/ directory.
Customer support service by UserEcho
