Identity Broker Forum
Add ability to request multiple employee status types
Allow the employee connector to request more than one employee status type.
EmployeeID/joining changes
We expected this but confirmed due to Aurion Corp's feedback:
- EmployeeID will not always be an option and we need to allow for an alternative field to contain the Aurion PersonNumber
- Regardless of where it comes from, the field may sometimes be empty or duplicated which means it's not appropriate for use in the DN
Review LITE terminology
Not all that surprising, but feedback from Aurion Corp is that some of the terminology (mostly identity-related stuff) is difficult to understand. We've already been through a few revisions of it but we should find some time to do it again, maybe with a neutral 3rd party.
Edit Synchronization Settings Potential Updates.png
Synchronization Page Potential Updates.png
Adding an entity which fails validation leaves an entry in the LDAP entity cache
Adding an entity via the LDAP endpoint which fails schema validation leaves an entry in the entity cache with the requested DN. This means that a second attempt to add the entity that should succeed will instead fail saying the entity already exists. Consider any other conditions that might result in a non-existing entity remaining in the entity cache and verify that they are handled correctly.
SapHR Test Harness Issues
A new version of the test harness was provided to us for testing this solution, version is 3.0.1.
I've extracted the archive and run the executable. The executable is not in the Identity Broker directory.
I get an error regarding missing DLLs
System.IO.FileNotFoundException: Could not load file or assembly 'SAP.Connector.Rfc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=50436dca5c7f7d23' or one of its dependencies. The system cannot find the file specified.
File name: 'SAP.Connector.Rfc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=50436dca5c7f7d23'
   at System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection)
   at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection)
   at System.Reflection.Assembly.Load(AssemblyName assemblyRef)
   at SAP.Connector.RfcConnectorLoader.LoadRfcConnector()
   at SAP.Connector.RfcConnectorLoader.GetRfcConnection(IDestination dest)
   at SAP.Connector.Connection.GetNewConnection(IDestination dest)
   at SAP.Connector.Connection.GetConnection(IDestination dest)
   at Unify.Communicators.SapHRCommunicator.SapHrCommunicator.Open() in S:\hg\Connectors\SAP.HCM\Master\Source\Unify.Communicators.SapHRCommunicator\SapHrCommunicator.cs:line 451
   at Unify.Communicators.SapHRCommunicator.TestHarness.btnConnect_Click(Object sender, EventArgs e) in S:\hg\Connectors\SAP.HCM\Master\Source\Unify.TestHarness.SapHrCommunicator\TestHarness.cs:line 58
WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].
To try to get around this, I copied the missing DLL (there are two) from the Identity Broker service directory, but I then get the error
System.BadImageFormatException: An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B)
   at SAP.Connector.Connection.Open()
   at Unify.Communicators.SapHRCommunicator.SapHrCommunicator.Open() in S:\hg\Connectors\SAP.HCM\Master\Source\Unify.Communicators.SapHRCommunicator\SapHrCommunicator.cs:line 455
   at Unify.Communicators.SapHRCommunicator.TestHarness.btnConnect_Click(Object sender, EventArgs e) in S:\hg\Connectors\SAP.HCM\Master\Source\Unify.TestHarness.SapHrCommunicator\TestHarness.cs:line 58
Event log error
Fault bucket , type 0
Event Name: PCA2
Response: Not available
Cab Id: 0
Problem signature:
P1: Unify.TestHarness.SapHrCommunicator.exe
P2: 3.0.1.3
P3: Unify.TestHarness.SapHrCommunicator
P4: UNIFY Identity Broker for SAP HCM
P5: UNIFY Solutions Pty Ltd
P6: 200
P7: -1
P8:
P9:
P10:
Attached files:
These files may be available here:
C:\Users\a16716.TESTINTERNAL\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Unify.TestHarnes_18e927a83648e251bb989378285ab8f6680a1e1_2d5cb42b
Analysis symbol:
Rechecking for solution: 0
Report Id: 2076e8d0-3f55-11e2-8a8f-005056ba0004
Report Status: 4
SAP timing configuration for IdB 3.*
The following is the timing configuration for one of 10 connectors defined in the IdB 2.* solution currently in Production:
<getAllEntities>
  <timing name="RecurringTimespan">
    <timespan value="3600000000" />
  </timing>
</getAllEntities>
<polling>
  <timing name="RecurringTimespan">
    <timespan value="3600000000" />
  </timing>
</polling>
... i.e. reading this literally, both full AND delta every 6 minutes!!!
I had converted the above to the following for IdB 3.* - mainly for readability:
<getAllEntities>
  <timing name="Daily" offset="21:00:00" />
</getAllEntities>
<polling>
  <timing name="RecurringTimespanStandardTime">
    <timespan value="00:10:00" />
  </timing>
</polling>
... on the basis that it seemed silly to have both nodes set at the same frequency. I have been happily testing with this for the last couple of days ... but had started to notice that polling wasn't working.
I had not noticed the "delta import" button on the UNIFY Management Studio 3.* toolbar before Friday, but when I click on this for the above IdB 3.* connector configuration I get the following error in the IdB log:
Timestamp Severity Source Module Message
8/04/2013 1:49:57 PM Warning Change detection engine poll failed. Change detection engine "Change detection engine poll for connector Organisational Structure Connector failed with reason The connector 7d7e4969-2a73-4669-848c-67cb72c7867c does not support polling.. Duration: 00:00:00.0361342
Error details: System.NotSupportedException: The connector 7d7e4969-2a73-4669-848c-67cb72c7867c does not support polling.
   at Unify.Framework.ConnectorToPollingConnectorBridge.get_PollingConnector()
   at Unify.Framework.ConnectorToPollingConnectorBridge.PollChanges(IStoredValueCollection changeState)
   at Unify.Framework.EventNotifierPollingConnectorDecorator.PollChanges(IStoredValueCollection changeState)
   at Unify.Framework.ChangeDetectionPollJob.RunBase()
   at Unify.Framework.JobBase.Run()
   at Unify.Framework.MutexJobDecorator.Run()
   at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
   at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)"
I then went looking in the JIRA doco for this connector, including here, but couldn't find any doco about whether or not this connector should support polling.
Is the Production configuration wrong but nobody has ever noticed? It is consistent with version 2.4 of the spec which says the following:
15.2 Identity Broker
Connector | Event | Timespan | Description
SAP HCM | GetAllEntities | 3600000000 |
SAP HCM | Polling | 3600000000 |
I suspect the SAP HCM connector has somehow never been a polling connector ... but I just wanted to make sure!
Simple way to test aurion connectivity for Identity Broker
Identity Broker needs to keep a connection open to Aurion for an extended period of time and we can have problems with proxies and firewalls cutting the connection. Is there something we can give to the network guys at a customer to prove to them where the connection is being cut? I am thinking either a test they could do themselves that keeps the connection open for the right length of time and in the right way, or some kind of network diagnostic we could run from the IB server.
Identity Broker Change Detection Failing Due to MS DTC
I'm having trouble overcoming the below issue which so far has appeared once or twice in the newly set up production system. I noticed this after being informed that a change made in CPAL had not been flown into FIM and other systems. Looking in the logs, there were one or two occurrences of the below error.
20120703,02:37:01,Connector Processing started.,Connector Processor,Information,Connector Processing started for connector CPAL Person (page 1),Normal
20120703,02:37:02,Connector processing success.,Connector Processor,Information,"Processing page 1 for connector CPAL Person processed 277 entities, finding 2 differences. Duration: 00:00:01.2031712",Normal
20120703,02:37:02,Connector Post Processing started.,Connector Processor,Information,Connector Post Processing started for connector CPAL Person. Processed Entities: 227,Normal
20120703,02:37:02,Connector Post Processing success.,Connector Processor,Information,Connector Post Processing completed for connector CPAL Person. Processed Entities: 227. Matching Entities: 0. Reported Changes: 0. Duration: 00:00:00.1718816,Normal
20120703,02:37:02,Change detection engine import all items completed.,Change detection engine,Information,Change detection engine import all items for connector CPAL Person completed. Duration: 00:00:01.7500672,Normal
20120703,02:37:05,Started processing changes register items.,Change detection engine,Information,Started processing changes register items for connector CPAL Person.,Normal
20120703,04:07:05,Changes register item processing on failed.,Change detection engine,Warning,"Changes register item processing on connector CPAL Person failed with reason Communication with the underlying transaction manager has failed.. Duration: 00:00:00.0625024
Error details: System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException (0x8004D02B): The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn't have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02B)
   at System.Transactions.Oletx.IDtcProxyShimFactory.ReceiveTransaction(UInt32 propgationTokenSize, Byte[] propgationToken, IntPtr managedIdentifier, Guid& transactionIdentifier, OletxTransactionIsolationLevel& isolationLevel, ITransactionShim& transactionShim)
   at System.Transactions.TransactionInterop.GetOletxTransactionFromTransmitterPropigationToken(Byte[] propagationToken)
   --- End of inner exception stack trace ---
   at System.Transactions.TransactionInterop.GetOletxTransactionFromTransmitterPropigationToken(Byte[] propagationToken)
   at System.Transactions.TransactionStatePSPEOperation.PSPEPromote(InternalTransaction tx)
   at System.Transactions.TransactionStateDelegatedBase.EnterState(InternalTransaction tx)
   at System.Transactions.EnlistableStates.Promote(InternalTransaction tx)
   at System.Transactions.Transaction.Promote()
   at System.Transactions.TransactionInterop.ConvertToOletxTransaction(Transaction transaction)
   at System.Transactions.TransactionInterop.GetExportCookie(Transaction transaction, Byte[] whereabouts)
   at System.Data.SqlClient.SqlInternalConnection.GetTransactionCookie(Transaction transaction, Byte[] whereAbouts)
   at System.Data.SqlClient.SqlInternalConnection.EnlistNonNull(Transaction tx)
   at System.Data.ProviderBase.DbConnectionInternal.ActivateConnection(Transaction transaction)
   at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
   at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.SqlClient.SqlConnection.Open()
   at System.Data.SqlClient.SqlBulkCopy.CreateOrValidateConnection(String method)
   at System.Data.SqlClient.SqlBulkCopy.WriteRowSourceToServer(Int32 columnCount)
   at System.Data.SqlClient.SqlBulkCopy.WriteToServer(DataTable table, DataRowState rowState)
   at Unify.Repository.ChangesItemContext.InsertItems(HashSet`1 addedItems, ChangesRegisterDataContext sourceContext, SqlConnection connection)
   at Unify.Data.LinqContextConversionBase`4.SubmitChanges()
   at Unify.Framework.BaseConnectorAdapterTransformationChangeProcessor.ProcessChangeReport(IDictionaryTwoPassDifferenceReport`4 changesReport, DateTime changeProcessTime)
   at Unify.Framework.ChangeReportProcessor.<>c__DisplayClassc.<ProcessCurrentReport>b__b(ITransformationChangeProcessor processor)
   at Unify.Framework.Visitor.<>c__DisplayClass1`1.<Visit>b__0(T item, Int32 index)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`1 visitor)
   at Unify.Framework.ChangeReportProcessor.ProcessCurrentReport(IEnumerable`1 adapterTransformationProcessors, IDictionaryTwoPassDifferenceReport`4 differenceReport, DateTime changeTime)
   at Unify.Framework.ChangeReportProcessor.CreateAndProcessReport[T](IEnumerable`1 adapterTransformationProcessors, IEnumerable`1 sourceEnumerable, DateTime changeTime, Action`2 addAction)
   at Unify.Framework.ChangeReportProcessor.ProcessReport(IChangeReportProcessingRequest request)
   at Unify.Framework.Visitor.<>c__DisplayClass1`1.<Visit>b__0(T item, Int32 index)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`1 visitor)
   at Unify.Framework.ChangeReportProcessor.RunBase()
   at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
On the SQL Server System (a different virtual system), the below appears in the event log
Event 4879, MSDTC Client 2
MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system DSCSQL1.
DSCSQL1 is the database server and the system where the above error appeared.
MSDTC is enabled on both the SQL Server and the Identity Broker systems with "Network DTC Access", "Allow Inbound" and "Allow Outbound" enabled. The same setup appeared in test.
I didn't see this issue in the test environment. I'm sure there is an environmental reason for it but I'm not sure what that is. After the error above Identity Broker appears to run along just fine, however updates may not have been made in the source system since the one above occurred.
Schema row update commit multiple rows
From PRODUCT-372, to update the connector schema following a change on the UI, a new button should be added that performs the task of submitting all of the individual JavaScript buttons that appear (that update an individual row in the schema). The new button could appear next to the buttons at the top of schema, using the events that are already in place for the schema. The button click could potentially just call the submit method for each of the schema row buttons that are visible.
How to create a Composite Adapter in IdB 4
I got a direct connector -> adapter relationship working with IdB 4, the MA installed and data came into FIM Sync. Nice and easy!
Now I want to add an extra table on the chris21 side so I want a composite adapter but can't see how you create one. Under "Composite Adapter" I just have buttons for "Compare Adapters" and "Delete Adapters".
Otherwise it's looking very good. Just a minor layout comment - when you create a transformation the Field drop-down is very narrow so hard to see the full column names.