Identity Broker Forum
Identity Broker Group membership relational transformation with multi value attribute
I would like to use Identity Broker Group membership relational transformation to construct the group membership.
What I would like to know is can we use string based multi-value attribute (value separated by comma) for the InputKey(info) and RelationKey (groupmember) to determine the matching such that one Group can have multiple criteria for determining which users can be its member.
Sample IdB Adapter configuration
<!-- generating the multi-value Members attribute -->
<adapter name="Relation.Group"
         InputKey="info"
         RelationshipConnectorId="{cf81fc63-2206-413a-a102-804d399526de}"
         RelationKey="groupmember"
         RelationReference="employeeId"
         GroupTarget="Members">
  <dn>
    <dnComponent name="Field" key="employeeId" attributeType="UID" />
  </dn>
</adapter>
Example - The Security Group's info attribute in AD and Metaverse is a multi-value attribute. The user's groupmember attribute is a multi-value attribute (could be string-based comma-separated values).
- A Security Group (A) info attribute has these values: "Sales" and "Marketing".
- Another Security Group (B) info attribute has these values: "General".
- A user's (C) groupmember attribute has these values: "General" and "Sales".
- Another user's (D) groupmember attribute has these values: "General" and "Marketing".
- We want users (C) and (D) to be members of Security Group (A) and Security Group (B) based on the above information.
Can this be achieved?
Composite key relational transformation breaking column sources
The composite key relational transformation hits key conflict as the same contribution is added for each relation for each column source.
This implementation is actually correct; the offending code is the Add call in the AdapterColumnSources, which is missing logic that was not migrated in the 660 Rev ("IDB-231: Added support for multiple contributions to a transformation contribution.").
The rest of the changes in this revision need to be checked to confirm that they have been migrated.
Additionally, the UI has a bug in which a relationship that has already been added cannot be removed (the page just refreshes).
Error thrown when removing exclusion period
The following error was thrown when I attempted to delete one of the multiple exclusion periods on the schedule UI for a connector:
System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: A connector matching the id '00000000-0000-0000-0000-000000000000' could not be located. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: Unify.Framework.UnifyEngineException: A connector matching the id '00000000-0000-0000-0000-000000000000' could not be located.
at Unify.Product.IdentityBroker.ConnectorRepository.GetConnector(Guid connectorId)
at Unify.Product.IdentityBroker.EventNotifierConnectorRepositoryDecorator.GetConnector(Guid connectorId)
at Unify.Product.IdentityBroker.ConnectorEngine.GetConnectorGetAllEntitiesTimings(Guid connectorId)
at Unify.Product.IdentityBroker.ConnectorEngineNotifierDecorator.GetConnectorGetAllEntitiesTimings(Guid connectorId)
at Unify.Product.IdentityBroker.ConnectorEngineAccessor.GetConnectorGetAllEntitiesTimings(Guid connectorId)
at Unify.Product.IdentityBroker.IdentityServiceCollector.GetConnectorGetAllEntitiesTimings(Guid connectorId)
at SyncInvokeGetConnectorGetAllEntitiesTimings(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instan...).
Potentially another issue caused by IE caching requests.
Export throws null reference when attempting to update a deleted entity
If an attempt is made to update an entity that has been deleted in Identity Broker, the following error is thrown:
System.Exception: Error occurred when attempting to save entity with distinguished name
CN=100001
Error:
Object reference not set to an instance of an object.
at Unify.Product.IdentityBroker.AdapterEntityExtensions.<>c_DisplayClass1.<ApplyChangesToAdapterEntity>b_0(KeyValuePair`2 item)
at Unify.Framework.Visitor.<>c_DisplayClass1`1.<Visit>b_0(T item, Int32 index)
at Unify.Framework.Visitor.VisitT(IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.AdapterEntityExtensions.ApplyChangesToAdapterEntity(IAdapterEntity adapterEntity, IAdapterEntitySaveBase adapterEntitySaveChange, Boolean removeCurrentValues)
at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter)
at SyncInvokeExportChanges(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
at Unify.Product.IdentityBroker.IdentityBrokerManagementAgent.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
The error message should indicate that the object has been deleted.
Hosting on Cassini does not start with multiple endpoints
The Identity Broker service does not currently start due to the following error:
Service cannot be started. Unify.Framework.UnifyServiceStartException: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. If your service is being hosted in IIS you can fix the problem by setting 'system.serviceModel/serviceHostingEnvironment/multipleSiteBindingsEnabled' to true or specifying 'system.serviceModel/serviceHostingEnvironment/baseAddressPrefixFilters'.
Parameter name: item ---> System.ArgumentException: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. If your service is being hosted in IIS you can fix the problem by setting 'system.serviceModel/serviceHostingEnvironment/multipleSiteBindingsEnabled' to true or specifying 'system.serviceModel/serviceHostingEnvironment/baseAddressPrefixFilters'.
Parameter name: item
at System.ServiceModel.UriSchemeKeyedCollection.InsertItem(Int32 index, Uri item)
at System.Collections.Generic.SynchronizedCollection`1.Add(T item)...
Currently investigating possible solutions. Attempts to modify the web.config file as described in http://stackoverflow.com/questions/561823/wcf-error-this-collection-already-contains-an-address-with-scheme-http (and many other related sources) have not been successful, namely, adding
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
to the system.serviceModel element, and adding a baseAddressPrefix, also result in the above error.
Are we able to filter users in IdB SAP / Callista connectors?
Is there a way to filter users/objects in IdB connector in SAP (sapPerson) or Callista?
If so, where can we do those settings?
Use Local Time consistently for log browsing
This impacts both Identity Broker 4.0.0.3 and FIM Event Broker 3.0.2.
I personally think it's counterintuitive that a day's worth of logs is loading in a GMT based set of data but any times output to the UI are the local system timezone. I can't think of any situations where I want the dataset to be aligned to GMT. Ideally, if on the Logging section I select a day's worth of logs (say 8 Feb 2014) then every log entry should appear in that date range starting at 12:00AM and going to 11:59PM.
I've attached a screenshot where you can see the log starts and stops around 11AM, which is counterintuitive for end user browsing and arguably incorrect given the mismatch between the page header and the actual log entries.
MSDTC problem between two IdB servers
I am getting a warning about MSDTC in the IdB log. Full imports work on server 2 but deltas give me no changes (though also no error).
I have followed the instructions in the IdB prereqs to set up MSDTC network permissions through Component Services. The Windows firewalls are currently disabled on both servers. The MAs are using server names and they report no connectivity problems.
What else should I check?
Here's the full error:
System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException (0x8004D02B): The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn't have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02B)
Service fails to start (FileNotFoundException, FilterCustomAttributeRecord)
Application: Unify.Service.Connect.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at System.ModuleHandle.ResolveType(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32, System.Runtime.CompilerServices.ObjectHandleOnStack)
at System.ModuleHandle.ResolveType(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32, System.Runtime.CompilerServices.ObjectHandleOnStack)
at System.ModuleHandle.ResolveTypeHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])
at System.Reflection.RuntimeModule.ResolveType(Int32, System.Type[], System.Type[])
at System.Reflection.CustomAttribute.FilterCustomAttributeRecord(System.Reflection.CustomAttributeRecord, System.Reflection.MetadataImport, System.Reflection.Assembly ByRef, System.Reflection.RuntimeModule, System.Reflection.MetadataToken, System.RuntimeType, Boolean, System.Object[], System.Collections.IList, System.RuntimeType ByRef, System.IRuntimeMethodInfo ByRef, Boolean ByRef, Boolean ByRef)
at System.Reflection.CustomAttribute.GetCustomAttributes(System.Reflection.RuntimeModule, Int32, Int32, System.RuntimeType, Boolean, System.Collections.IList, Boolean)
at System.Reflection.CustomAttribute.GetCustomAttributes(System.Reflection.RuntimeAssembly, System.RuntimeType)
at System.Attribute.GetCustomAttributes(System.Reflection.Assembly, System.Type, Boolean)
at System.AppDomain.GetTargetFrameworkName()
This has been fixed in the latest RC. The cause is Microsoft .NET v4.6 changing the way it resolves assembly level attributes.
DN Generation for Membership List Transformation null reference
When attempting to edit the DN generator for a membership list transformation, I received the following error:
System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: Object reference not set to an instance of an object. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.NullReferenceException: Object reference not set to an instance of an object.
at Unify.Product.IdentityBroker.AdapterEntityDNTransformationFactoryBase.GetDNGenerator()
at Unify.Product.IdentityBroker.AdapterEngine.GetDNGeneratorsForTransformation(Guid adapterId, Guid transformationId)
at Unify.Product.IdentityBroker.AdapterEngineNotifierDecorator.GetDNGeneratorsForTransformation(Guid adapterId, Guid transformationId)
at Unify.Product.IdentityBroker.AdapterEngineAccessor.GetDNGeneratorsForTransformation(Guid adapterId, Guid transformationId)
at Unify.Product.IdentityBroker.IdentityServiceCollector.GetDNGeneratorsForTransformation(Guid adapterId, Guid transformationId)
at SyncInvokeGetDNGeneratorsForTransformation(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Disp...).
Not yet known if the component is not working for other transformations.