Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Older Installations
Hi,
Can I get the installation for broker 4.1.1. I want it for two things, first is to lab an upgrade if I get a chance, the second thing is because the PS process for an IdB upgrade is to run 4 and 5 in parallel so that we can compare an old and new MA. To run in parallel, I'll need to install 4 on another server while the original server is upgraded. The v4 instance will then be decommissioned once the testing has been done.
Hi Dan,
All available downloads can be found at https://downloads.unifysolutions.net/
Upgrade for IdB4
I have a couple of questions around an upgrade from idb4 to UnifyNow
- How long should it take?
- It's not in-place is it?
- What would be the step-by-step for migrating config? ie. I can't look at the config if I've already uninstalled 4
- What's the process for migrating between environments? Do I just copy the extensibility folder and then update connection strings/credentials in the browser?
- Why is SQL server 2014 recommended?
How long should it take?
Which part are you referring to? If it's the installation, a few minutes. If you mean end-to-end, including the new MA's, you'd be better placed to dig into PS references as it has been done numerous times there.
It's not in-place is it?
https://voice.unifysolutions.net/knowledge-bases/7/articles/2938-upgrading-the-unifybroker-service
What would be the step-by-step for migrating config? ie. I can't look at the config if I've already uninstalled 4
https://voice.unifysolutions.net/knowledge-bases/7/articles/2938-upgrading-the-unifybroker-service
What's the process for migrating between environments? Do I just copy the extensibility folder and then update connection strings/credentials in the browser?
Why is SQL server 2014 recommended?
It's not, it says "or newer" (https://voice.unifysolutions.net/knowledge-bases/7/articles/2920-unifybroker-installation-prerequisites)
UNIFYBroker Entity Search Throwing an error
Hi Guys,
When clicking on the entity count to do an entity search (Both Connector and Adapter). I can't seem to perform an entity search. I get the following error:
Error
System.AggregateException: One or more errors occurred. ---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Unify.Connect.Web.IdentityBrokerEntitySearchController.CurrentEntities(EntityRetrievalInformation`1 information)
at Unify.Connect.Web.IdentityBrokerEntitySearchController.<EntityData>d__35.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at lambda_method(Closure , Task )
at System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass34.<BeginInvokeAsynchronousActionMethod>b__33(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3c()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass45.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3e()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass30.<BeginInvokeActionMethodWithFilters>b__2f(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass1e.<>c__DisplayClass28.<BeginInvokeAction>b__19()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass1e.<BeginInvokeAction>b__1b(IAsyncResult asyncResult)
---> (Inner Exception #0) System.Threading.Tasks.TaskCanceledException: A task was canceled.<---
This error hasn't always occurred, however recently the error is appearing for connectors/adapters with high entity counts (lower entity count connectors/adapters seem to be fine).
Current IDB version: v5.3.1
Troubleshooting so far:
* Restart the UNIFYBroker Service
* Rebuilt all indexes on the UNIFYBroker Database
Let me know if you need more information.
Thank
Reasons for Upgrade?
I have a customer on version 4 of Identity Broker and there's some interest in an upgrade. What is the current version of UnifyBroker? And what reasons are there to give them to upgrade from 4? Their main complaint is with the connector browsing and searching being unresponsive and ambiguous as to whether a search has loaded or no results have returned. Has there been work done on the search/browse for connectors? What else is good about the new version compared to 4?
Hey Dan,
The current version of Identity Broker is 5.3.1.1.
For a complete list of high-level features since 4.0, please see this link:
https://voice.unifysolutions.net/knowledge-bases/7/articles/3058-unifybroker-release-notes
The UI has been changed to use a REST endpoint, and improvements made so there's no longer issues with the browsing and searching being unresponsive.
The other main benefits of upgrading include:
- using LDAP for data between IDB and MIM, which allows for faster data and more flexible MA configuration
- Powershell adapter transformations
- Auditing
Identity Broker 4.x is also out of support, so it would be in their best interests to upgrade. 5.3 will be supported until at least 03/2023.
Where to find Credentials from FIM
I'm working with an existing implementation and looking to do a refresh of a dev environment with what's in prod. I'll need all the MA credentials to do that and no one has a record of the identity broker credentials. They're using version 5 (the one that shows as version 0.0.5). Is there anywhere I can lookup or reset the credentials that are used to connect to Identity Broker from the FIM IdB Management Agent?
Hi Dan,
There's no way to retrieve existing credentials, but you can create a new account which will work the same.
See this link for documentation on achieving this: https://voice.unifysolutions.net/knowledge-bases/7/articles/2948-configuring-ldap-gateway-authentication-accounts
SQL Connector/Adapter
I haven't worked with UNIFYBroker in some time. I've got a SQL Connector/Adapter here and I'm looking for the table that it's connecting to. The agent has a connection string in it that specifies the server and the database but not the table name and the connector doesn't contain the table name either. I can see when I create a new connector I can choose a schema provider. Can you explain how a connector knows which table it is connecting to or does it pool all the attributes from all tables in the database - I thought that's what an adapters do. There's no UNIFYBroker\SQL category so I've left uncategorized.
You can also get back to that view by editing the connector, however the table name should be visible on the connector details page.
The table name should also definitely be in the extensibility file and should look like this:
<Extended> <communicator owner="dbo" table="mytable" readThreshold="1000" /> </Extended>
If this isn't the case, can you provide screenshots and the extensibility file?
"A task was cancelled' when refreshing connector schema
After upgrading to Aurion connector 5.3.0.0, on Broker 5.3.1.1, I cannot update the schema for most of my connectors. After choosing "Query fields" it appears to run for 1-2 minutes then fails with "A task was cancelled". I can't see anything in the IDB log file relating to this. The Full Import of the connector runs.
Export error "Other"
When exporting to IdB from MIM in a customer DEV lab I am getting this error.
MIM reports "other"
detail shows connected data source error code 0x8023134a
detail button gives
System.Exception: Status: 0
at Unify.IdentityBroker.D2L.Agent.DefaultCommunicator.SendCommand(String urlPath, Method method, Object data) in C:\Projects\TAFE\Repositories\Connectors.D2L\V5 Connector\Source\Agent\DefaultCommunicator.cs:line 161
at Unify.IdentityBroker.D2L.Agent.DefaultCommunicator.Update(AgentEntity entity) in C:\Projects\TAFE\Repositories\Connectors.D2L\V5 Connector\Source\Agent\DefaultCommunicator.cs:line 96
at Unify.IdentityBroker.D2L.Connector.Connector.UpdateEntity(IConnectorEntity entity, ISaveEntityResults`2 results, DefaultCommunicator communicator) in C:\Projects\TAFE\Repositories\Connectors.D2L\V5 Connector\Source\Connector\Connector.cs:line 199
idb log shows:
19/Nov/2018 16:45:59 |
| LDAP Engine | A client has connected to the LDAP endpoint from address: 127.0.0.1:62654. |
19/Nov/2018 16:45:59 |
| LDAP engine | Handling of LDAP bind request. Handling of LDAP bind request received on connection 127.0.0.1:62654 to connect as user admin completed successfully. The bind was successful. Duration: 00:00:00.1093702. |
19/Nov/2018 16:46:00 |
| LDAP engine | Handling of LDAP Bulk Start request. Handling of LDAP Bulk Start request received from user admin on connection 127.0.0.1:62654 completed successfully. Duration 00:00:00. |
19/Nov/2018 16:46:00 |
| Connector | Request to add entity to connector. Request to add entities [Count:5] to connector D2L Connector. |
19/Nov/2018 16:46:00 |
| Connector | Add entities to connector completed. Add entities [Count:5] to connector D2L Connector reported 5 entities saved. Duration: 00:00:00.2656223 |
19/Nov/2018 16:46:00 |
| LDAP engine | Handling of LDAP Bulk Update request. Handling of LDAP Bulk Update request received from user admin on connection 127.0.0.1:62654 completed successfully without results available for logging. Duration 00:00:00.5312437. |
19/Nov/2018 16:46:00 |
| LDAP engine | Handling of LDAP Bulk End request. Handling of LDAP Bulk End request received from user admin on connection 127.0.0.1:62654 completed successfully without results available for logging. Duration 00:00:00. |
19/Nov/2018 16:46:01 |
| LDAP engine | Handling of LDAP unbind request. Handling of LDAP unbind request received on connection 127.0.0.1:62654 to connect as user admin completed successfully. Duration: 00:00:00. |
19/Nov/2018 16:46:06 |
| Change detection engine | Change detection engine unscheduled started. Change detection engine unscheduled for connector D2L Connector started. |
19/Nov/2018 16:46:06 |
| Change detection engine | Change detection engine unscheduled completed. Change detection engine unscheduled for connector D2L Connector completed. Duration: 00:00:00.1093760 |
So everything looks fine from the IdB end, but MIM whinges and fails. Any idea where I should look?
Hey Eddie,
The D2L connector is a Professional Services connector that has been custom written for the customer.
To help you out, I had a quick look at the source, and that error comes from the request to the web service. The HTTP status code being returned is 0 and so therefore indicates an issue with the web service.
To assist with debugging, you could turn on diagnostic logging - the connector appears to have some logging help built in which logs the raw request and response.
I'd also recommend ensuring that the web service is functioning correctly.
If all else fails, contacting the PS developer who wrote the connector is recommended - they should be able to help out with debugging the issue.
Generate a String Multi Value attribute from a String single value attribute
Hi,
Version IDB 5.0.3
Can the "Merge Collections Transformation" be used to generate a multivalue string adapter element from a single value connector attribute, and if not, how can this be achieved?
Thanks.
Regards,
It doesn't appear to (from the code) - it generates an adapter field from the first selected field (which would be a single valued field). It should be pretty easy to confirm, e.g. CSV connector.
Alternatively either upgrade to v5.1+ (https://voice.unifysolutions.net/knowledge-bases/7/articles/3058-unifybroker-release-notes) and to use the PowerShell transformation. Or write an import flow rule in the identity management platform of choice.
If you believe this is a scenario that would be of benefit to have included in the product, please raise a feature request. It would be helpful to also know the use case that you're trying to solve.
Thanks.
LDAP bulk update request postponed
In a customer DEV environment I am exporting some users from MIM and get an
ma-extension-error
0x80230703
unexpected-error reported for all of them by MIM
The eventvwr error is
The management agent controller encountered an unexpected error.
"BAIL: MMS(9724): extensionmanager.cpp(620): 0x80230703 (unable to get error text)
BAIL: MMS(9724): extensionmanager.cpp(2648): 0x80230703 (unable to get error text)
BAIL: MMS(9724): export.cpp(2150): 0x80230703 (unable to get error text)
BAIL: MMS(9724): export.cpp(521): 0x80230703 (unable to get error text)
BAIL: MMS(9724): ..\cntrler.cpp(9848): 0x80230703 (unable to get error text)
BAIL: MMS(9724): ..\cntrler.cpp(8569): 0x80230703 (unable to get error text)
Forefront Identity Manager 4.3.2124.0"
and IdB shows this in the log
05/Nov/2018 16:35:00 |
| LDAP Engine | A client has connected to the LDAP endpoint from address: 127.0.0.1:59560. |
05/Nov/2018 16:35:00 |
| LDAP engine | Handling of LDAP bind request. Handling of LDAP bind request received on connection 127.0.0.1:59560 to connect as user admin completed successfully. The bind was successful. Duration: 00:00:00.0937243. |
05/Nov/2018 16:35:02 |
| LDAP engine | Handling of LDAP Bulk Start request. Handling of LDAP Bulk Start request received from user admin on connection 127.0.0.1:59560 completed successfully. Duration 00:00:00.0010018. |
05/Nov/2018 16:35:03 |
| LDAP engine | Handling of LDAP Bulk Update request. Handling of LDAP Bulk Update request received from user admin on connection 127.0.0.1:59560 was postponed as it was not the next expected bulk request. This request will be handled as part of a future request. Duration 00:00:00.5950385. |
05/Nov/2018 16:36:22 |
| LDAP engine | Handling of LDAP unbind request. Handling of LDAP unbind request received on connection 127.0.0.1:59560 to connect as user admin completed successfully. Duration: 00:00:00. |
None of these error messages really tell me what is going on. Any idea what the "postponed as it was not the next expected bulk request." thing is all about?
As you use the UniqueIdentifier
field in the DN template, which is a required field on the connector, that field needs to be included in the export (which I can see in the trace was not included).
Customer support service by UserEcho