Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Reverse Join, Conditional on Not-Null
Related to my ticket Join Condition on Not-Null, I need some processing on the connector side of the adapter to correctly join.
I want to join the position table back to the person table to resolve a positionReportsToPosition attribute to a personnumber but the person table contains two attributes with position numbers. One has a value or is null, the other always has a value. I want to use the first if it has a value, otherwise the second. Since I can't join adapters, there's nowhere to process this logic on the employee side.
Do I need to implement a PowerShell connector that queries the IdB DB like Carols script for flattening Org Units. It could just contain the employeeID and the calculated positionnumber.
Hey Daniel,
Querying the IdB DB is not a supported or endorsed operation. Doing this is at your own risk and has the potential to cause problems.
From what I understand, you're trying to get the person number of the manager based on someones position. Is that correct?
If so, as discussed in your other ticket we already have a join to that persons position. Using that join, we can get the positionReportsToPosition as you've mentioned above. You can then use that to join back to the employee connector onto one of the position fields. Tell it to pull back the person number into a new field, such as reportsPersonTemp Then add a second join again to the employee connector, but on the position field that's always full. Push this into a field such as reportsPersonPerm. You can then use a powershell transformation to determine which value to use - if the reportsPersonTemp is populated, then push that value into reportsPersonNumber. Otherwise, use the value from reportsPersonPerm.
When you configure a join, if there's no value to join on then the field won't be populated, so you'll be able to easily tell which value to use.
Join Conditional on Not-Null
I've had a look at the Join transformation and I don't think this functionality is there but is it possible to join one attribute if it has a value, otherwise join on another? Could this be achieved with a PowerShell transformation that populates a third attribute that does the non-null populating then join on that third attribute?
The object model that I've got this situation for is an Employee table and a Position table. The Employee table contains two attributes placePosition(contains the position number of the position someone is acting in, otherwise is null) and actPosition(contains the persons 'actual' position number, always has a value). I want to join Employee to Position on placePosition if it has a value, otherwise join to position on actPosition. Is the way to do this with a PowerShell transformation that calculates out the null to a third attribute, CurrentPosition or something, and then join on that.?
Hey Dan,
You're right - the powershell transformation mixed with a join transformation would be the best way to do this.
You would put the powershell transformation first, and have populate a third attribute called something like calculatedPosition. You'd use the logic as above - put the placePosition if it's populated, otherwise use actPosition.
Then you would add a join transformation, and join to the position connector using the calculatedPosition field. That way you're always going to join on the value that the powershell transformation populates.
Usability Improvement Rename Transformation
Two things,
there doesn't seem to be a need for IdB to add the text in the right hand column of the rename transformation after the attribute is selected in the left hand column. It jilts and takes a second to populate after the attribute has been selected from the drop down on the left. It'd be nicer if it just left the right column blank since the point of it is to rename the attribute, there's no need to get the old name pre-populated in the right side column field.
Can the tab order or something be changed so that when you press enter it clicks the add button (or does nothing). It's a bit of a data entry task adding the renames so hitting enter is natural and at the moment pressing enter clicks the Save Transformation button which clears any renames you've entered and haven't committed yet.
Staging error on MA because MIM is trying to import the same changes twice
We are seeing occasional (approx 1 per month) incidents of staging errors in a specific MA in MIM targeting UNIFY Broker 5.0. We can see the the changes from the previous import is trying to be reimported (e.g., trying to add a value to an attribute in both runs).
From previous discussions this issue is likely on the MIM side because of a watermarking failure, but is there a known workaround that can be put in to UNIFY Broker to manage this?
Unable to create Oracle DB agent on IDb v5.3.1 - Error Invalid connection string
We are trying to configure Oracle agent on IdB v5.3.1 Revision #0. Took the sample connection string at https://voice.unifysolutions.net/knowledge-bases/7/articles/2863-oracle-database-agent
as below but IdB does not accept the connection string and raise an error 'Invalid connection string' on "Save Agent"
Data Source=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=hostName)(PORT=1251)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=serviceName)));
We want to user a connection string is following format, if that is supported.
Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=MyHost)(PORT=MyPort))(CONNECT_DATA=(SERVICE_NAME=MyOracleSID)));
User Id=myUsername;Password=myPassword;
Hey Rizwan,
The second connection string that you've provided works as a valid input into UNIFYBroker. Can you give it a go and see if it connects to the database correctly?
Unfortunately the oracle page for connection strings no longer exists. See this link for an archive of it: https://web.archive.org/web/20130627000544/https://docs.oracle.com/cd/E11882_01/win.112/e18754/featConnecting.htm .
I'll update our documentation page with more relevant information
This operation returned because the timeout period expired
After many hours of processing the initial data load we are seeing repeated exceptions such as the following in the logs:
20190210,21:51:22,UNIFY Identity Broker,Adapter,Error,"Adapter Adapter c700d25d-1825-4caf-ad26-b01910879914 page errored on page reflection. Duration: 00:00:17.3285030. Error: System.AggregateException: One or more errors occurred. ---> System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout) at Unify.Framework.Collections.ThreadsafeHashSet`1.Add(T item) at Unify.Product.IdentityBroker.EntityBase`3.SetValue[TValue](TKey key, TValue value) at Unify.Product.IdentityBroker.AttributeMapper.MapAttributeValues(IEntity leftSideEntity, IEntity rightSideEntity) at System.Linq.Parallel.PartitionedDataSource`1.ListContiguousIndexRangeEnumerator.MoveNext(T& currentElement, Int32& currentKey) at System.Linq.Parallel.PipelineSpoolingTask`2.SpoolingWork() at System.Linq.Parallel.SpoolingTaskBase.Work() at System.Linq.Parallel.QueryTask.BaseWork(Object unused) at System.Threading.Tasks.Task.Execute() --- End of inner exception stack trace --- at System.Linq.Parallel.QueryTaskGroupState.QueryEnd(Boolean userInitiatedDispose) at System.Linq.Parallel.AsynchronousChannelMergeEnumerator`1.MoveNextSlowPath() at System.Linq.Parallel.QueryOpeningEnumerator`1.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func) at Unify.Product.IdentityBroker.Adapter.ReflectChangesInner() at Unify.Product.IdentityBroker.Adapter.ReflectChanges() at Unify.Product.IdentityBroker.AdapterAuditingDecorator.ReflectChanges() at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges() at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<runbase>b__9_0(IOperationalAdapter adapter) ---> (Inner Exception #0) System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout) at Unify.Framework.Collections.ThreadsafeHashSet`1.Add(T item) at Unify.Product.IdentityBroker.EntityBase`3.SetValue[TValue](TKey key, TValue value) at Unify.Product.IdentityBroker.AttributeMapper.MapAttributeValues(IEntity leftSideEntity, IEntity rightSideEntity) at System.Linq.Parallel.PartitionedDataSource`1.ListContiguousIndexRangeEnumerator.MoveNext(T& currentElement, Int32& currentKey) at System.Linq.Parallel.PipelineSpoolingTask`2.SpoolingWork() at System.Linq.Parallel.SpoolingTaskBase.Work() at System.Linq.Parallel.QueryTask.BaseWork(Object unused) at System.Threading.Tasks.Task.Execute()<--- ---> (Inner Exception #1) System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout) at Unify.Framework.Collections.ThreadsafeCollectionBase`2.Remove(TValue item) at Unify.Framework.Data.LinqContextConversionWithUpdateBase`5.UpdateOnSubmitDelegate(TInterface obj) at Unify.Product.IdentityBroker.EntityBase`3.SetValue[TValue](TKey key, TValue value) at Unify.Product.IdentityBroker.AttributeMapper.MapAttributeValues(IEntity leftSideEntity, IEntity rightSideEntity) at System.Linq.Parallel.PartitionedDataSource`1.ListContiguousIndexRangeEnumerator.MoveNext(T& currentElement, Int32& currentKey) at System.Linq.Parallel.PipelineSpoolingTask`2.SpoolingWork() at System.Linq.Parallel.SpoolingTaskBase.Work() at System.Linq.Parallel.QueryTask.BaseWork(Object unused) at System.Threading.Tasks.Task.Execute()<--- . Error details: System.AggregateException: One or more errors occurred. ---> System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout) at Unify.Framework.Collections.ThreadsafeHashSet`1.Add(T item) at Unify.Product.IdentityBroker.EntityBase`3.SetValue[TValue](TKey key, TValue value) at Unify.Product.IdentityBroker.AttributeMapper.MapAttributeValues(IEntity leftSideEntity, IEntity rightSideEntity) at System.Linq.Parallel.PartitionedDataSource`1.ListContiguousIndexRangeEnumerator.MoveNext(T& currentElement, Int32& currentKey) at System.Linq.Parallel.PipelineSpoolingTask`2.SpoolingWork() at System.Linq.Parallel.SpoolingTaskBase.Work() at System.Linq.Parallel.QueryTask.BaseWork(Object unused) at System.Threading.Tasks.Task.Execute() --- End of inner exception stack trace --- at System.Linq.Parallel.QueryTaskGroupState.QueryEnd(Boolean userInitiatedDispose) at System.Linq.Parallel.AsynchronousChannelMergeEnumerator`1.MoveNextSlowPath() at System.Linq.Parallel.QueryOpeningEnumerator`1.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at System.Linq.Enumerable.Aggregate[TSource,TAccumulate](IEnumerable`1 source, TAccumulate seed, Func`3 func) at Unify.Product.IdentityBroker.Adapter.ReflectChangesInner() at Unify.Product.IdentityBroker.Adapter.ReflectChanges() at Unify.Product.IdentityBroker.AdapterAuditingDecorator.ReflectChanges() at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges() at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.<runbase>b__9_0(IOperationalAdapter adapter) ---> (Inner Exception #0) System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout) at Unify.Framework.Collections.ThreadsafeHashSet`1.Add(T item) at Unify.Product.IdentityBroker.EntityBase`3.SetValue[TValue](TKey key, TValue value) at Unify.Product.IdentityBroker.AttributeMapper.MapAttributeValues(IEntity leftSideEntity, IEntity rightSideEntity) at System.Linq.Parallel.PartitionedDataSource`1.ListContiguousIndexRangeEnumerator.MoveNext(T& currentElement, Int32& currentKey) at System.Linq.Parallel.PipelineSpoolingTask`2.SpoolingWork() at System.Linq.Parallel.SpoolingTaskBase.Work() at System.Linq.Parallel.QueryTask.BaseWork(Object unused) at System.Threading.Tasks.Task.Execute()<--- ---> (Inner Exception #1) System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4) at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout) at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout) at Unify.Framework.Collections.ThreadsafeCollectionBase`2.Remove(TValue item) at Unify.Framework.Data.LinqContextConversionWithUpdateBase`5.UpdateOnSubmitDelegate(TInterface obj) at Unify.Product.IdentityBroker.EntityBase`3.SetValue[TValue](TKey key, TValue value) at Unify.Product.IdentityBroker.AttributeMapper.MapAttributeValues(IEntity leftSideEntity, IEntity rightSideEntity) at System.Linq.Parallel.PartitionedDataSource`1.ListContiguousIndexRangeEnumerator.MoveNext(T& currentElement, Int32& currentKey) at System.Linq.Parallel.PipelineSpoolingTask`2.SpoolingWork() at System.Linq.Parallel.SpoolingTaskBase.Work() at System.Linq.Parallel.QueryTask.BaseWork(Object unused) at System.Threading.Tasks.Task.Execute()<--- ",Normal</runbase></runbase>
During this time the CPU is near 100% and the processed entity counts do not seem to move - we have been stuck on Processed Entity Count = 30304, Pending Changes = 7654 since 4:30 am this morning.
Logs will be attached along with Extensibility files in the ticket comments.
Identity Broker version is 5.2.1 RTM
Broker console is presently unresponsive.
Additionally we understand there may be one or more duplicates present in the source data, and there is at least one adapter join which is not on a keyed column.
Urgent assistance is requested to identify and resolve issues preventing data load and completion of deployment (TEST and PROD in parallel) to allow customer UAT to commence.
Does This Connector Require Unify Identity for Aderant Expert?
There's no adapter using Aderant expert however this connector references it and I have a service not starting. Does the below configuration indicate that Unify for Aderant Expert is required?
Adapters do not require knowledge of a connectors type, they just reference them by id.
The configuration provided is that of an Aderant connector. You'd need the Aderant connector installed for this configuration to load, yes.
IDB Upgrade Problem - Service no start
I'm upgrading Identity Broker to UnifyBroker for a customer and the service isn't starting. No errors show up in Event Viewer and after attempting to start the service, the service status sits at "Starting" and nothing else can be done with it until a restart. There's nothing in the Identity Broker logs folder. Any clues as to where to look next?
That is the wrong version connector. The major and minor versions (first two numbers) of a connector must match the version of Broker your installing them into.
Upgrade from 4->5 Bug
In a lab I ran an in-place upgrade from IdB4 to Broker5. The first time I ran the installer, it failed saying that it couldn't find the web.config xml file. I checked and the file wasn't there at that point in time. The installer rolled back, removing the v4 installation but leaving the configuration. I ran the installer again and it ran successfully but when I navigated to the identity broker page, I got the standard custom errors warning so I changed it to remote only and got the following error page. I haven't done anything since. What would you recommend I do next? Try a re-install or mess around with .dlls or what? (I changed the port to 8888 when it was v4 and that persisted into 5)
Identity Broker for FIM v4
Hi Is there documentation for version 4 somewhere? I'm trying to create an MA that connects to Identity Broker v4.1.4. I've installed installed Identity Broker for FIM v4 and put the .dll it copies into the extensions folder of FIM but I don't know what to do next since the v5 doco using an ecma 2 connector. I thought that in v4, going to the adapter settings you could generate an xMA from there but the option doesn't appear to be there. How do I create an Identity Broker MA?
Not specifically versioned documentation. The intention is that the documentation is "evergreen" and that new concepts are incorporated into the documentation and concepts that are deprecated received their own page. This was to resolve issues people had navigating the more complex structure that was required to maintain multiple versions of documentation and also remove the issues caused by having to maintain multiple versions.
Customer support service by UserEcho
