Identity Broker Forum
Creation of new connector - pending configurations suggestion
Creation of a new Connector:
Pending Configurations - Can IdB ask the user if they want to navigate away and lose unsaved changes where possible & do away with pending configs?
Move Update Connector config to Connector Configuration
Identity Broker Update Connector Config only allows modification of:
#Name
#Comment
#Queue when blocked
This functionality should be moved into the Connector configuration.
Extend Connector group functionality
When connectors are added to a connector group, make it possible to apply configuration to all connectors within the group.
i.e. service account, password, URL, etc. can be changed in one place, rather than configuring each connector individually.
Empower Person Adapter configuration clarification for Relation.Group requirements
Hi Peter,
In section 8.1.3, Identity Broker Adapters configuration for the Empower Person Adapter, of the ACG CEO Technical Design document, the first three transformation types are "Relation.Group" but the mapping configuration information is using TargetColumn and SourceColumn instead of GroupTarget and RelationReference.
Based on my understanding, I assume TargetColumn should be GroupTarget and SourceColumn should be RelationReference.
Please clarify.
Where is the doco on service account requirements
Could someone please tell me, or point me towards, the documentation which tells me the exact requirements for the IdB service account.
idB5 will run MA Imports on disabled Adapters
Executing an MA attached to a disabled adapter will import the last processed entity count
See screenshot attached
Bulk Update Request fails for two modifications to same entity
The LDAP engine is unable to process multiple modify requests to a single entity if they occur on the same page. It is simple enough to make the request handler map entity IDs to a list of requests rather than just a single request, but the real problem is merging the changes on the change report (which deals with IConnectorEntitys). Perhaps the effects of the requests should be merged at a level higher than this.
There are currently no known systems that will send requests like this, so this is not urgent.
Can a Relation.Group.dn transformation be used in conjunction with a filter?
I have configured the following adapter which references a placeholder PERSON connector, and I am trying to get back an "Orgs" collection using a Relation.Group.dn transformation. The following is my adapter configuration:
<!-- 000 Person -->
<AdapterConfiguration
    BaseConnectorId="{A672CB12-2CA2-498b-8992-EAB883A1FC44}"
    AdapterId="{8291D830-AAA8-4e69-B4E7-AB1C4ABA53E7}"
    AdapterName="Person Adapter"
    class="person">
  <dn>
    <dnComponent name="Field" key="AccountName" attributeType="UID" />
    <dnComponent name="Constant" value="People" attributeType="OU" />
  </dn>
  <adapterEntityTransformationFactory name="ChainList">
    <adapter name="Relation.Group.dn"
        InputKey="AccountName"
        RelationshipConnectorId="{429AE766-0A1F-404a-ACC1-B4804C859146}"
        RelationKey="UserIDName"
        RelationReference="subKey"
        GroupTarget="Orgs">
      <dn>
        <dnComponent name="Field" key="Code" attributeType="UID" />
        <dnComponent name="Constant" value="Orgs" attributeType="OU" />
      </dn>
    </adapter>
  </adapterEntityTransformationFactory>
  <image>removed</image>
</AdapterConfiguration>
The problem I have is that this will return all (distinct) subKey objects associated with the UserIDName derived from an existing claims connector, where I only want to return those where another claims attribute ApplicationName="ESS". Is this possible, and if so how?
Is there an Identity Broker 3.* transformation that will union multiple connectors with the same schema into a single adapter?
CSO have deployed an Identity Broker for SAS2IDM, which is a custom application (apparently written in-house by CSO?) which does nothing more than consolidate data from 43 school "SAS2000" instances of the same remote SQL database table into a consolidated single database (not sure but I think to separate tables within the same db) ... and at the same time constructing a unique key (school ID concatenated to student ID). This is achieved using a monolithic database view (suspect this is a SQL union).
Given that this tool was built (it seems) prior to UNIFY's engagement (some time after March 2011) to build the Identity Broker for SAS2IDM (CA November 2011 - although Shane Lim may have built an earlier version which wasn't used), there appears to be no discussion about how Identity Broker might be used to access each SAS2000 database using 43 separate instances of the same connector schema, and combine them into a single adapter, thereby making the SAS2IDM application redundant. This would be a good thing as it would dramatically simplify the architecture.
The question is this ...
Can such an adapter be built now using the latest 3.0.7 version of the Identity Broker software, using an adapter configuration something like the following:
<compositeAdapterConfiguration>
  <AdapterEngineConfigurations>
    <AdapterConfiguration BaseConnectorID="1" class="person" />
    <AdapterConfiguration BaseConnectorID="2" class="person" />
    <AdapterConfiguration BaseConnectorID="3" class="person" />
    ...
or would a new transformation(s) need to be developed to support this?
Given that I can think of 2 sites where this requirement would have been considered too (News Ltd before they consolidated on a single HR instance, and an ACT education site somewhere), I expect this concept is not new.
The architectural reason for consolidating 43 connectors into a single adapter like this is so that we have a single FIM MA with a single CS/MV/Portal object, currently managed by 10+10+10 FIM policy objects. If we tried to suggest 43 management agents here, that totally wouldn't fly (43x30=1290 FIM policy objects and a maintenance nightmare).
How Do I configure Identity Broker
I am trying to configure IB to log different severity to different logs.
I have configured:
<?xml version="1.0" encoding="utf-8" ?>
<LogWriter name="LogWriterFilterDecorator">
  <logFilter name="Severity" severity="Error" />
  <LogWriter name="CustomEventLog" customEventLog="IdentityBroker" />
  <logFilter name="Severity" severity="All" />
  <LogWriter name="CSV" prefix="IdentityBroker" directory="L:\Logs\Identity Broker" days="7" />
</LogWriter>
Is this config correct?
What else do I need to do to see a Windows Event Log of "IdentityBroker"?
Do I need to configure the .NET config for EventLogPermissionAccess.Write, and if so, can you explain how?
TIA