Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
SAP timing configuration for IdB 3.*
The following is the timing configuration for one of 10 connectors defined in the IdB 2.* solution currently in Production:
<getAllEntities> <timing name="RecurringTimespan"> <timespan value="3600000000" /> </timing> </getAllEntities> <polling> <timing name="RecurringTimespan"> <timespan value="3600000000" /> </timing> </polling>
... i.e. reading this literally, both full AND delta every 6 minutes!!!
I had converted the above to the following for IdB 3.* - mainly for readability:
<getAllEntities> <timing name="Daily" offset="21:00:00" /> </getAllEntities> <polling> <timing name="RecurringTimespanStandardTime"> <timespan value="00:10:00" /> </timing> </polling>
... on the basis that it seemed silly to have both nodes set at the same frequency. I have been happily testing with this for the last couple of days ... but had started to notice that polling wasn't working .
I had not noticed the "delta import" button on the UNIFY Management Studio 3.* toolbar before Friday, but when I click on this for the above IdB 3.* connector configuration I get the following error in the IdB log:
Timestamp Severity Source Module Message 8/04/2013 1:49:57 PM Warning Change detection engine poll failed. Change detection engine "Change detection engine poll for connector Organisational Structure Connector failed with reason The connector 7d7e4969-2a73-4669-848c-67cb72c7867c does not support polling.. Duration: 00:00:00.0361342 Error details: System.NotSupportedException: The connector 7d7e4969-2a73-4669-848c-67cb72c7867c does not support polling. at Unify.Framework.ConnectorToPollingConnectorBridge.get_PollingConnector() at Unify.Framework.ConnectorToPollingConnectorBridge.PollChanges(IStoredValueCollection changeState) at Unify.Framework.EventNotifierPollingConnectorDecorator.PollChanges(IStoredValueCollection changeState) at Unify.Framework.ChangeDetectionPollJob.RunBase() at Unify.Framework.JobBase.Run() at Unify.Framework.MutexJobDecorator.Run() at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)"
I then went looking in the JIRA doco for this connector, including here, but couldn't find any doco about whether or not this connector should support polling.
Is the Production configuration wrong but nobody has ever noticed? It is consistent with version 2.4 of the spec which says the following:
15.2 Identity Broker
Connector Event Timespan Description
SAP HCM GetAllEntities 3600000000
SAP HCM Polling 3600000000
I suspect the SAP HCM connector has somehow never been a polling connector ... but I just wanted to make sure!
Simple way to test aurion connectivity for Identity Broker
Identity Broker needs to keep a connection open to Aurion for an extended period of time and we can have problems with proxies and firewalls cutting the connection. Is there something we can give to the network guys at a customer to prove to them where the connection is being cut? I am thinking either a test they could do themselves that keeps the connection open for the right length of time and in the right way, or some kind of network diagnostic we could run from the IB server.
Identity Broker Change Detection Failing Due to MS DTC
I'm having trouble overcoming the below issue which so far has appeared once or twice in the newly set up production system. I noticed this after being informed that a change made in CPAL had not been flown into FIM and other systems. Looking in the logs, there was one or two occurances of the below error.
20120703,02:37:01,Connector Processing started.,Connector Processor,Information,Connector Processing started for connector CPAL Person (page 1),Normal 20120703,02:37:02,Connector processing success.,Connector Processor,Information,"Processing page 1 for connector CPAL Person processed 277 entities, finding 2 differences. Duration: 00:00:01.2031712",Normal 20120703,02:37:02,Connector Post Processing started.,Connector Processor,Information,Connector Post Processing started for connector CPAL Person. Processed Entities: 227,Normal 20120703,02:37:02,Connector Post Processing success.,Connector Processor,Information,Connector Post Processing completed for connector CPAL Person. Processed Entities: 227. Matching Entities: 0. Reported Changes: 0. Duration: 00:00:00.1718816,Normal 20120703,02:37:02,Change detection engine import all items completed.,Change detection engine,Information,Change detection engine import all items for connector CPAL Person completed. Duration: 00:00:01.7500672,Normal 20120703,02:37:05,Started processing changes register items.,Change detection engine,Information,Started processing changes register items for connector CPAL Person.,Normal 20120703,04:07:05,Changes register item processing on failed.,Change detection engine,Warning,"Changes register item processing on connector CPAL Person failed with reason Communication with the underlying transaction manager has failed.. Duration: 00:00:00.0625024 Error details: System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException (0x8004D02B): The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn't have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02B) at System.Transactions.Oletx.IDtcProxyShimFactory.ReceiveTransaction(UInt32 propgationTokenSize, Byte[] propgationToken, IntPtr managedIdentifier, Guid& transactionIdentifier, OletxTransactionIsolationLevel& isolationLevel, ITransactionShim& transactionShim) at System.Transactions.TransactionInterop.GetOletxTransactionFromTransmitterPropigationToken(Byte[] propagationToken) --- End of inner exception stack trace --- at System.Transactions.TransactionInterop.GetOletxTransactionFromTransmitterPropigationToken(Byte[] propagationToken) at System.Transactions.TransactionStatePSPEOperation.PSPEPromote(InternalTransaction tx) at System.Transactions.TransactionStateDelegatedBase.EnterState(InternalTransaction tx) at System.Transactions.EnlistableStates.Promote(InternalTransaction tx) at System.Transactions.Transaction.Promote() at System.Transactions.TransactionInterop.ConvertToOletxTransaction(Transaction transaction) at System.Transactions.TransactionInterop.GetExportCookie(Transaction transaction, Byte[] whereabouts) at System.Data.SqlClient.SqlInternalConnection.GetTransactionCookie(Transaction transaction, Byte[] whereAbouts) at System.Data.SqlClient.SqlInternalConnection.EnlistNonNull(Transaction tx) at System.Data.ProviderBase.DbConnectionInternal.ActivateConnection(Transaction transaction) at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open() at System.Data.SqlClient.SqlBulkCopy.CreateOrValidateConnection(String method) at System.Data.SqlClient.SqlBulkCopy.WriteRowSourceToServer(Int32 columnCount) at System.Data.SqlClient.SqlBulkCopy.WriteToServer(DataTable table, DataRowState rowState) at Unify.Repository.ChangesItemContext.InsertItems(HashSet`1 addedItems, ChangesRegisterDataContext sourceContext, SqlConnection connection) at Unify.Data.LinqContextConversionBase`4.SubmitChanges() at Unify.Framework.BaseConnectorAdapterTransformationChangeProcessor.ProcessChangeReport(IDictionaryTwoPassDifferenceReport`4 changesReport, DateTime changeProcessTime) at Unify.Framework.ChangeReportProcessor.<>c__DisplayClassc.<ProcessCurrentReport>b__b(ITransformationChangeProcessor processor) at Unify.Framework.Visitor.<>c__DisplayClass1`1.<Visit>b__0(T item, Int32 index) at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor) at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`1 visitor) at Unify.Framework.ChangeReportProcessor.ProcessCurrentReport(IEnumerable`1 adapterTransformationProcessors, IDictionaryTwoPassDifferenceReport`4 differenceReport, DateTime changeTime) at Unify.Framework.ChangeReportProcessor.CreateAndProcessReport[T](IEnumerable`1 adapterTransformationProcessors, IEnumerable`1 sourceEnumerable, DateTime changeTime, Action`2 addAction) at Unify.Framework.ChangeReportProcessor.ProcessReport(IChangeReportProcessingRequest request) at Unify.Framework.Visitor.<>c__DisplayClass1`1.<Visit>b__0(T item, Int32 index) at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor) at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`1 visitor) at Unify.Framework.ChangeReportProcessor.RunBase() at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
On the SQL Server System (a different virtual system), the below appears in the event log
Event 4879, MSDTC Client 2
MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system DSCSQL1.
DSCSQL1 is the database server and the system where the above error appeared.
MSDTC is enabled on both the SQL Server and the Identity Broker systems with "Network DTC Access", "Allow Inbound" and "Allow Outbound" are enabled. The same set up appeared in test.
I didn't see this issue in the test environment, I'm sure there is an environmental reason for it but I'm not sure what that is. After the error above Identity Broker appears to run along just fine, however updates may not have been made in the source system since the one above occurred.
Schema row update commit multiple rows
From PRODUCT-372, to update the connector schema following a change on the UI, a new button should be added that performs the task of submitting all of the individual JavaScript buttons that appear (that update an individual row in the schema). The new button could appear next to the buttons at the top of schema, using the events that are already in place for the schema. The button click could potentially just call the submit method for each of the schema row buttons that are visible.
How to create a Composite Adapter in IdB 4
I got a direct connector -> adapter relationship working with IdB 4, the MA installed and data came into FIM Sync. Nice and easy!
Now I want to add an extra table on the chris21 side so I want a composite adpater but can't see how you create one. Under "Composite Adapter" I just have buttons for "Compare Adapters" and "Delete Adapters".
Otherwise it's looking very good. Just a minor layout comment - when you create a transformation the Field drop-down is very narrow so hard to see the full column names.
New dropdown doesn't show full value name
The new dropdown is great but if you have a longer field name, you can't see the full name for the selected value. See the attached screenshot from the Copy transformation where "EmployeeID" is selected. This could be problematic for schemas with lots of fields starting with the same characters.
Small dropdown.png
MVC-mini-profiler causes response header to be too large
Components:
- MVC-mini-profiler;
- Identity Broker management studio.
Reproduce, either:
- Attach the debugger (this triggers the profiler to start) and leave Identity Broker running long enough and then try to use the UI using a browser that has a small header limit size (e.g. Chrome); OR
- Use fiddler/curl to hit Identity Broker UI, notice how large X-MiniProfiler-Ids is.
The issue is caused by the mvc-mini-profiler not clearing out it's cache of profiled operations:
- Update the profiler (see https://code.google.com/p/mvc-mini-profiler/issues/detail?id=99);
- Find out why the profile isn't visible, I can't remember when it's supposed to show up.
Whilst fixing this issue, make sure that all operations are covered by the profiler (it's done in a decorator).
Thanks.
Connector IdB UI failure during Induction for 4.1
While completing the Induction project using IdB 4.1 All connectors are broken in the IdB web UI. giving errors like below.
When following the instructions on https://unifysolutions.jira.com/wiki/display/PRDGRP/Setting+up+VirtualMachine2+-+IdentityBroker%2C+FIM+and+ActiveDirectory regarding copying the and upgrading the config files attached to the article. The upgrade process caused this exception in the UI.
The question is: Is this a config issue only and will not occur for a client under normal scenarios? or Is there improvements required within the UI code.
System.ArgumentException: Missing gtrForm attribute in <Extended>
<image>iVBORw.....SuQmCC</image>
<communicator logActive="True" gtrForm="det" gtrName="FRONTIER" gtrPassword="A" gtrAllowHttp="True" gtrShowTranslations="True" gtrListRequest="All" gtrChunkSize="1000" gtrEaiFile="EMDET" gtrEaiKey="Number" httpUri="http://192.168.16.20/Scalable/c21connect.asp" encoding="UTF-8" contentType="application/x-www-form-urlencoded" />
</Extended>
at Unify.Framework.XElementExtensions.AttributeValueModify(XElement sourceElement, XName attributeName, Action`1 modifyAttribute) in c:\TeamCity\buildAgent\work\aad7920828b5b314\Source\Xml\Unify.Framework.Xml\XElementExtensions.AttributeValues.cs:line 31
at Unify.Product.IdentityBroker.Chris21ConnectorInformationFactory.CreateComponent(XElement communicatorElement)
at Unify.Connect.Web.Chris21ConnectorController.Display(DisplayConnectorInformation displayInformation)
at lambda_method(Closure , ControllerBase , Object[] )
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.<>c_DisplayClass15.<InvokeActionMethodWithFilters>b_12()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
Unify.Product.IdentityBroker.ConnectorEnginePlugInKey.extensibility.config.xml
Error during idB5 import
Hi Product team!
I'm not sure if this is the best place to be adding in support request seeing as though these have now been moved to VSO. If you would like me to add remove this issue and repost, please let me know.
Currently importing an LDAP Group (Powershell connector) into FIM - Nothing crazy on the transforms and receiving the following error on import
"Unify.Product.IdentityBroker.LdapOperationException: Internal Server Error #11: Sequence contains more than one element at Unify.Product.IdentityBroker.LdapConnection.GetMessage(Int32 messageId) at Unify.Product.IdentityBroker.SearchRequest.Send(Func`2 send, Func`2 recv) at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request) at Unify.Product.IdentityBroker.LdapConnectionProxy.<SearchRequestPaged>d__6.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Enumerable.<SelectManyIterator>d__14`2.MoveNext() at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items) at Unify.Product.IdentityBroker.ExtensionMethods.<Page>d__0`1.MoveNext() at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep) Forefront Identity Manager 4.1.3646.0"
Please see attached connector and adapter config
This error sounds as though it could be data related - If you require additional logging on the clients data set please let me know.
Unify.Product.IdentityBroker.AdapterEnginePlugInKey.extensibility.config.xml
Unify.Product.IdentityBroker.ConnectorEnginePlugInKey.extensibility.config.xml
UnifyLog20150928.csv
PowerShell connector - investigate use of stored values collection
PowerShell connector:
- Reference stored values engine in connector plugin
- Create instance of stored values collection (see below)
- Add stored values collection to component that is passed into PowerShell scripts
- Test
Stored values details:
- Example: S:\hg\Connectors\HP.Trim\Master\Source\Communicator\Unify.Connectors.HPTrimWSCommunicator\HPTrimWSCommunicator.cs
- Look at the Translations
- Don't follow exactly, the connector factory should create the context, retrieve (insert a collection if there isn't an existing one), and dispose when the connector is disposed.
- The connector should then pass the collection into the PowerShell components.
- The connector should submit the changes to the context - consider making the PowerShell components disposable so that it can do it, just make sure the usages of the components are all wrapped in using statements.
Customer support service by UserEcho
