Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

Identity Broker Group membership relational tranformation with multi value attribute

Shane Lim 13 years ago updated by anonymous 8 years ago 8

I would like to use Identity Broker Group membership relational tranformation to construct the group membership.
What I would like to know is can we use string based multi-value attribute (value separated by comma) for the InputKey(info) and RelationKey (groupmember) to determine the matching such that one Group can have multiple criteria for determining which users can be it member.

Sample IdB Adapter configuration

				<!-- generating the multi-value Members attribute -->
				<adapter name="Relation.Group" 
					 InputKey="info"
					 RelationshipConnectorId="{cf81fc63-2206-413a-a102-804d399526de}"
					 RelationKey="groupmember"
					 RelationReference="employeeId"
					 GroupTarget="Members" >
					<dn>
						<dnComponent name="Field" key="employeeId" attributeType="UID" />
					</dn>
				</adapter>	

Example - The Security Group's info attribute in AD and Metaverse is a multi-value attribute. The user's groupmember attribute is a multi-value attribute (could be a string base comma separated values).

  • A Security Group (A) info attribute has these values: "Sales" and "Marketing".
  • Another Security Group (B) info attribute has these values: "General".
  • A user's (C) groupmember attribute has these values: "General" and "Sales".
  • Another user's (D) groupmember attribute has these values: "General" and "Marketing".
  • We want to user (C) and (D) to be a member of Security Group (A) and Security Group (B) based on the above information.

Can this be achieved?

0
Fixed

Composite key relational transformation breaking column sources

Tony Sheehy 11 years ago updated by anonymous 8 years ago 2

The composite key relational transformation hits key conflict as the same contribution is added for each relation for each column source.

This implementation is actually correct, the offending code is the Add call in the AdapterColumnSources which is missing logic that was not migrated in the 660 Rev ("IDB-231: Added support for multiple contributions to a transformation contribution.")

The rest of the changes in this revision need to be checked to confirm that they have been migrated.

Additionally, the UI has a bug in which a relationship that has already been added cannot be removed (the page just refreshes).

0
Fixed

Error thrown when removing exclusion period

Matthew Clark 12 years ago updated by anonymous 8 years ago 3

The following error was thrown when I attempted to delete one of the multiple exclusion periods on the schedule UI for a connector:

System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: A connector matching the id '00000000-0000-0000-0000-000000000000' could not be located. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: Unify.Framework.UnifyEngineException: A connector matching the id '00000000-0000-0000-0000-000000000000' could not be located. at Unify.Product.IdentityBroker.ConnectorRepository.GetConnector(Guid connectorId)
at Unify.Product.IdentityBroker.EventNotifierConnectorRepositoryDecorator.GetConnector(Guid connectorId)
at Unify.Product.IdentityBroker.ConnectorEngine.GetConnectorGetAllEntitiesTimings(Guid connectorId)
at Unify.Product.IdentityBroker.ConnectorEngineNotifierDecorator.GetConnectorGetAllEntitiesTimings(Guid connectorId)
at Unify.Product.IdentityBroker.ConnectorEngineAccessor.GetConnectorGetAllEntitiesTimings(Guid connectorId)
at Unify.Product.IdentityBroker.IdentityServiceCollector.GetConnectorGetAllEntitiesTimings(Guid connectorId)
at SyncInvokeGetConnectorGetAllEntitiesTimings(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instan...).

Potentially another issue caused by IE caching requests.

0
Fixed

Export throws null reference when attempting to update a deleted entity

Matthew Clark 12 years ago updated by anonymous 8 years ago 3

If an attempt is made to update an entity that has been deleted in Identity Broker, the following error is thrown:

System.Exception: Error occurred when attempting to save entity with distinguished name

CN=100001

Error:

Object reference not set to an instance of an object.
at Unify.Product.IdentityBroker.AdapterEntityExtensions.<>c_DisplayClass1.<ApplyChangesToAdapterEntity>b_0(KeyValuePair`2 item)
at Unify.Framework.Visitor.<>c_DisplayClass1`1.<Visit>b_0(T item, Int32 index)
at Unify.Framework.Visitor.VisitT(IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.AdapterEntityExtensions.ApplyChangesToAdapterEntity(IAdapterEntity adapterEntity, IAdapterEntitySaveBase adapterEntitySaveChange, Boolean removeCurrentValues)
at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter)
at SyncInvokeExportChanges(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
at Unify.Product.IdentityBroker.IdentityBrokerManagementAgent.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)

The error message should indicate that the object has been deleted.

0
Answered

Hosting on Cassini does not start with multiple endpoints

Matthew Clark 12 years ago updated by anonymous 8 years ago 2

The Identity Broker service does not currently start due to the following error:

Service cannot be started. Unify.Framework.UnifyServiceStartException: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. If your service is being hosted in IIS you can fix the problem by setting 'system.serviceModel/serviceHostingEnvironment/multipleSiteBindingsEnabled' to true or specifying 'system.serviceModel/serviceHostingEnvironment/baseAddressPrefixFilters'.
Parameter name: item ---> System.ArgumentException: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. If your service is being hosted in IIS you can fix the problem by setting 'system.serviceModel/serviceHostingEnvironment/multipleSiteBindingsEnabled' to true or specifying 'system.serviceModel/serviceHostingEnvironment/baseAddressPrefixFilters'.
Parameter name: item
at System.ServiceModel.UriSchemeKeyedCollection.InsertItem(Int32 index, Uri item)
at System.Collections.Generic.SynchronizedCollection`1.Add(T item)...

Currently investigating possible solutions. Attempts to modify the web.config file as described in http://stackoverflow.com/questions/561823/wcf-error-this-collection-already-contains-an-address-with-scheme-http (and many other related sources) have not been successful, namely, adding

<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

to the system.serviceModel element, and adding a baseAddressPrefix, also result in the above error.

0
Answered

Are we able to filters users in IdB SAP / Callista connectors ?

Monash 9 years ago updated by anonymous 8 years ago 6

Is there a way to filter users/objects in IdB connector in SAP (sapPerson) or Callista?

If so, where can we do those settings?


JIRA64-1.JPG
JIRA64-2.JPG
0
Completed

Use Local Time consistently for log browsing

Richard Courtenay 10 years ago updated by anonymous 8 years ago 2

This impacts both Identity Broker 4.0.0.3 and FIM Event Broker 3.0.2.

I personally think it's counter intuitive that a days worth of logs is loading in a GMT based set of data but any times output to the UI are the local system timezone. I can't think of any situations where I want the dataset to be aligned to GMT. Ideally, if on the Logging section I select a days worth of logs (say 8 Feb 2014) then every log entry should appear in that date range starting at 12:00AM and going to 11:59PM.

I've atatched a screenshot where you can see the log starts and stops around 11AM which is counter intuitive for end user browsing and arguably incorrect given the mismatch between the page header and the actual log entries.


timezone.png
0
Completed

MSDTC problem between two IdB servers

Carol Wapshere 12 years ago updated by anonymous 8 years ago 15

I am getting a warning about MSDTC in the IdB log. Full imports work on server 2 but deltas give me no changes (though also no error).

I have followed the instructions in the IdB prereqs to set up MSDTC network permissions through Component Services. The windows firewalls are currently disabled on both servers. The MAs are using server names and tyhey report no connectivity problems.

What else should I check?

Here's the full error:

System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException (0x8004D02B): The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn't have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02B)


TicksToUTC.exe
0
Fixed

Service fails to start (FileNotFoundException, FilterCustomAttributeRecord)

Matthew Woolnough 9 years ago updated by Dilip Ramakrishnan 6 years ago 11 1 duplicate

Application: Unify.Service.Connect.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at System.ModuleHandle.ResolveType(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32, System.Runtime.CompilerServices.ObjectHandleOnStack)
at System.ModuleHandle.ResolveType(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32, System.Runtime.CompilerServices.ObjectHandleOnStack)
at System.ModuleHandle.ResolveTypeHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])
at System.Reflection.RuntimeModule.ResolveType(Int32, System.Type[], System.Type[])
at System.Reflection.CustomAttribute.FilterCustomAttributeRecord(System.Reflection.CustomAttributeRecord, System.Reflection.MetadataImport, System.Reflection.Assembly ByRef, System.Reflection.RuntimeModule, System.Reflection.MetadataToken, System.RuntimeType, Boolean, System.Object[], System.Collections.IList, System.RuntimeType ByRef, System.IRuntimeMethodInfo ByRef, Boolean ByRef, Boolean ByRef)
at System.Reflection.CustomAttribute.GetCustomAttributes(System.Reflection.RuntimeModule, Int32, Int32, System.RuntimeType, Boolean, System.Collections.IList, Boolean)
at System.Reflection.CustomAttribute.GetCustomAttributes(System.Reflection.RuntimeAssembly, System.RuntimeType)
at System.Attribute.GetCustomAttributes(System.Reflection.Assembly, System.Type, Boolean)
at System.AppDomain.GetTargetFrameworkName()

Answer
Adam van Vliet 6 years ago

This has been fixed in the latest RC. The cause is Microsoft .NET v4.6 changing the way it resolves assembly level attributes.

0
Fixed

DN Generation for Membership List Transformation null reference

Matthew Clark 12 years ago updated by anonymous 8 years ago 3

When attempting to edit the DN generator for a membership list transformation, I received the following error:

System.ServiceModel.FaultException`1System.ServiceModel.ExceptionDetail: Object reference not set to an instance of an object. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is: System.NullReferenceException: Object reference not set to an instance of an object. at Unify.Product.IdentityBroker.AdapterEntityDNTransformationFactoryBase.GetDNGenerator()
at Unify.Product.IdentityBroker.AdapterEngine.GetDNGeneratorsForTransformation(Guid adapterId, Guid transformationId)
at Unify.Product.IdentityBroker.AdapterEngineNotifierDecorator.GetDNGeneratorsForTransformation(Guid adapterId, Guid transformationId)
at Unify.Product.IdentityBroker.AdapterEngineAccessor.GetDNGeneratorsForTransformation(Guid adapterId, Guid transformationId)
at Unify.Product.IdentityBroker.IdentityServiceCollector.GetDNGeneratorsForTransformation(Guid adapterId, Guid transformationId)
at SyncInvokeGetDNGeneratorsForTransformation(Object , Object[] , Object[] )
at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
at System.ServiceModel.Disp...).

Not yet known if the component is not working for other transformations.