Identity Broker Forum

Default url encoding might be wrong
Default encoding in the base http communicator does not match the default encoding coming from chris21.
chris21 can be changed to output UTF-8 (the default behaviour of the communicator), but this is not a robust long term solution.
UFCORE-56 will add the ability for the response encoding type to be changed, but the default will be UTF-8 (current behaviour). Identity Broker for Frontier chris21 should have its use of the communicator information changed to default to UTF-7.
Example data (Célia outputs as C?lia):
detg1name1=%22C%E9lia%22
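
An added example, not part of the original post or the product's code: it decodes the sample above to raw bytes, tries strict UTF-8 so that an invalid sequence raises an error instead of silently becoming "?", and only then applies a configured fallback encoding. The ISO-8859-1 fallback is an assumption about what the source system emits, and the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

public static class ResponseDecoding
{
    // Convert percent-escapes to raw bytes without committing to a charset.
    // Assumes the escaped text itself is ASCII, as in the post's sample.
    public static byte[] PercentDecodeToBytes(string s)
    {
        var bytes = new List<byte>(s.Length);
        for (int i = 0; i < s.Length; i++)
        {
            if (s[i] == '%' && i + 2 < s.Length
                && Uri.IsHexDigit(s[i + 1]) && Uri.IsHexDigit(s[i + 2]))
            {
                bytes.Add(Convert.ToByte(s.Substring(i + 1, 2), 16));
                i += 2; // skip the two hex digits just consumed
            }
            else
            {
                bytes.Add((byte)s[i]);
            }
        }
        return bytes.ToArray();
    }

    // Strict UTF-8 first; fall back to the configured encoding only when the
    // bytes are not valid UTF-8 (0xE9 followed by 'l' is not a valid sequence).
    public static string Decode(string escaped, Encoding fallback)
    {
        byte[] raw = PercentDecodeToBytes(escaped);
        try
        {
            return new UTF8Encoding(false, true).GetString(raw);
        }
        catch (DecoderFallbackException)
        {
            return fallback.GetString(raw);
        }
    }

    public static void Main()
    {
        string sample = "detg1name1=%22C%E9lia%22"; // example data from the post
        // Assumed fallback: a single-byte Latin-1 code page.
        Console.WriteLine(Decode(sample, Encoding.GetEncoding("ISO-8859-1")));
    }
}
```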

Extend Database Connector for polling (delta) imports
The Identity Broker IDB40:Database Connector should be extended to provide other methods of doing polling (delta) imports:
- Select a datetime column.
- Select another table for delta information (optionally clear table).
- PowerShell script to return the changed entity IDs (copy from PowerShell connector), the regular database GetEntities call (unchanged) to do the rest.
Consider another method where a PowerShell script is configurable to obtain the changed keys, allowing the database connector to then retrieve those items. Or some other use of PowerShell to allow for this to be configurable.

Import containers even when there are no objects in the connector
See ENVIRON-25. The Identity Broker adapter currently generates container objects out of all the DNs that it processes and passes them through on an adapter import. This is especially true when DN generation is configured in Identity Broker to be of a similar format to
cn=Field,cn=ObjectClass (constant field generator)
which would generate a container object with DN "cn=ObjectClass" and pass it to the IdM system.
In FIM, you cannot provision objects until the container exists in the connector space, meaning at present you either need to have already imported an object with a DN in this format, or you would need to provision the container to the connector space. This is fine for most cases but when you have systems that are targets only that will begin empty, you will have to either add a mock object to the system (which is sometimes impossible) or write some provisioning logic to add the empty container.
It would be useful if in cases where the DN structure for adapters is known to have been set up as described above (i.e. using constant field generators), to always pass through the container.

What should I set the validator to so that I can import a smallint from a SQL table?
I'm configuring a connector that connects to a SQL database. There's a field in the table whose type is smallint.
When I try to import, the unifylog.csv file returns this line for each row.
Type ShortValue of value 1 in field Status is invalid. Expected type SingleValue.,Normal
I got the list of valid validators below from an Event Log error when I tried setting the validator to short.
boolean, binary, timestamp, date, decimal, dn, guid, int, long, double, single, string, boolean.multi, timestamp.multi, date.multi, decimal.multi, dn.multi, guid.multi, int.multi, long.multi, double.multi, single.multi, string.multi.
I've tried setting the validator in the connector config for the status field to int, long and string and none of them have worked.
What should I set the validator to so that I can import a smallint from a SQL table?

Improve exception when object class mismatch encountered
There is no safe retrieve on the objectclass lookup for adapter saves (LDIFToAdapterEntitySaveAdapterBase.cs line 118); this throws an exception similar to the following:
System.Exception: Error occurred when attempting to save entity with distinguished name UID=a71bfacc-8201-4ec6-84c3-0a2ecc942d2e Error: The given key was not present in the dictionary.
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveAdapterBase`1.ConvertValues(String objectClass, IEnumerable`1 convertedValues)
   at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.GetConvertedValuesFromSchema(String objectClass, IEnumerable`1 values)
   at Unify.Product.IdentityBroker.LDIFToAdapterEntitySaveChangeAdapter.<Transform>d__3.MoveNext()
   at Unify.Product.IdentityBroker.LDIFAdapterBase.ExportChanges(ExportedLDIFForAdapter exportedLdifForAdapter)
   at SyncInvokeExportChanges(Object , Object[] , Object[] )
   at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(MessageRpc& rpc)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
   at Unify.Product.IdentityBroker.IdentityBrokerManagementAgentProxy.ExportEntry(ModificationType modificationType, String[] changedAttributes, CSEntry csentry)
This isn't very descriptive of the real problem and needs to be updated; make sure every usage of that dictionary employs the TryGet call.

Remove ability to save xMA to services directory
It was decided that the xMA Generator should not allow users to save xMAs to the Service directory of Identity Broker, as this may involve writing to and cluttering an application's drive. This feature should be removed from the generator, with the FIM Instance and Download Locally options providing more than enough flexibility.

Comparison of SingleValues in IdentityBroker fails with exception "Property 'Single Value' is not defined for type 'System.Nullable`1[System.Double]'"
The following exception is thrown when a comparison is made between two DoubleValues, through an interLINQ query from management studio:
Property 'Single Value' is not defined for type 'System.Nullable`1[System.Double]'
with a complete stack trace of:
   at System.Linq.Expressions.Expression.Property(Expression expression, PropertyInfo property)
   at Unify.Product.IdentityBroker.Repository.NativeTypeInformation`4.CreateEntityValueTypeExpressionBase(Expression tableMember) in S:\hg\Product\IdentityBroker\b\Source\Entity\Unify.IdentityBroker.Entity.Repository.Sql\NativeTypeInformations\NativeTypeInformation.cs:line 303
   at Unify.Product.IdentityBroker.Repository.NativeTypeInformation`4.CreateEntityValueTypeExpression(Expression sourceExpression) in S:\hg\Product\IdentityBroker\b\Source\Entity\Unify.IdentityBroker.Entity.Repository.Sql\NativeTypeInformations\NativeTypeInformation.cs:line 76
   at Unify.Product.IdentityBroker.Repository.NativeTypeInformation`4.CreateDataValueExpression(BinaryExpression originalExpression, ExpressionType nodeType, IEntityExpressionVisitor entityExpressionVisitor, Expression parameterExpression, Expression valueExpression) in S:\hg\Product\IdentityBroker\b\Source\Entity\Unify.IdentityBroker.Entity.Repository.Sql\NativeTypeInformations\NativeTypeInformation.cs:line 280
   at Unify.Product.IdentityBroker.Repository.NativeTypeInformation`4.GetGetValueBinaryExpression(Expression left, Expression right, BinaryExpression binaryExpression, ExpressionType nodeType, IEntityExpressionVisitor entityExpressionVisitor) in S:\hg\Product
The comparison code is the following:
SingleValue innerValue = float.Parse(value);
return queryable => from item in queryable
                    where item.Contains(schemaKey) && item.GetValue<SingleValue>(schemaKey) < innerValue
                    select item;
Alternatively the behaviour can be replicated by creating a SingleValue comparison search query through the new entity search UI.

Identity Broker 4 requests
Originally a comment on PRODUCT-2:
Some features that I would like to see included in IDB 4.
I agree with Eddie on the search/filter feature - this has caused me frustration in the past when trying to view large data sets.
Is it possible to implement some sort of paging system here so that it doesn't have to load the entire data set every time?
A couple of other points on the entity search: firstly, it would be great if it could remember the configuration of columns selected from the column chooser. It's frustrating to have to repeat this every time a search is done. Secondly, is it possible to make this view refreshable? Currently the search window has to be closed and reopened for this to happen.
In the connection monitor view, it would be great to see status updates on import/export operations.
I.e. No. records processed/remaining, elapsed time/est. remaining time, etc.
Another feature that would be useful in this view is the ability to disable/enable scheduled imports to specific connectors, or a master control to disable all scheduling.
The ability to configure connectors from the interface would be very useful - in particular, to be able to configure connection attributes, and perform a connection test based on those attributes.

Aurion hosted environment upgrade impact
Our hosted environment is being upgraded to 10.4 MR5, and we've been informed this includes changes to the WSDL URL and possibly the web service itself. Has Unify had any experience with this update in other Departments, and can you advise on what changes need to be made to the Identity Broker?
Currently the only specific detail I've been given is the new URL;
https://selfservice.aurion.com/waterwa/servlet/services/ev397_aurion_ws?wsdl (new)
https://aurionss.asp.aurion.com.au/waterwaprd/servlet/services/ev397_aurion_ws?wsdl (existing)

Hi John,
As this was answered in our prior support system after the migration of data to our new product support forum, I am answering the question again here for completeness.
As you discovered, just changing the URI for the Aurion Agent in Identity Broker will work in this circumstance.
Kind regards,
Shane

Identity Broker for Frontier chris21 - ability to use SSL with certificate that doesn't match endpoint address
CloudBroker requires the following:
- SSL on all communication
IDBCHRS will fail if the end-point address (a public DNS entry) is different to the certificate supplied by the IIS end-point, something that is entirely likely to happen if a customer cannot use their NAT to set up SSL and terminate at that address. For example:
IDBCHRS is set to connect to unify-demo-idbchrslite-1-chrs.cloudapp.net, however the AD certificate is issued by the domain CA which makes the certificate idbpc21-chrs.demo.unifysolutions.net.
The chris21 connector should permit the certificate to be determined by a name in our configuration. The certificate must still be valid against the local machine certificate store.
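
One way to meet the requirement above, as an added example rather than Identity Broker code: a validation callback that tolerates a name mismatch only when the certificate is issued to a configured name, and still rejects any chain error reported by the platform's trust store. `PinnedNameValidation` and `expectedName` are hypothetical names.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PinnedNameValidation
{
    // expectedName is a hypothetical configuration value: the DNS name the
    // certificate is issued to, e.g. idbpc21-chrs.demo.unifysolutions.net
    // when connecting to unify-demo-idbchrslite-1-chrs.cloudapp.net.
    public static RemoteCertificateValidationCallback ForName(string expectedName)
    {
        if (string.IsNullOrWhiteSpace(expectedName))
            throw new ArgumentException("A certificate name must be configured.", "expectedName");

        return (sender, certificate, chain, errors) =>
        {
            if (certificate == null)
                return false;

            // Untrusted issuer, expiry, revocation or a missing certificate
            // remain fatal: only the name-mismatch flag may be tolerated.
            if ((errors & ~SslPolicyErrors.RemoteCertificateNameMismatch) != SslPolicyErrors.None)
                return false;

            // The certificate already matches the endpoint address.
            if (errors == SslPolicyErrors.None)
                return true;

            // Name mismatch only: accept when the certificate's DNS name equals
            // the configured name. GetNameInfo returns a single name (a DNS
            // subject alternative name if present, otherwise the subject CN).
            var cert2 = new X509Certificate2(certificate);
            string dnsName = cert2.GetNameInfo(X509NameType.DnsName, false);
            return string.Equals(dnsName, expectedName, StringComparison.OrdinalIgnoreCase);
        };
    }
}
```

Assign the returned delegate to `HttpWebRequest.ServerCertificateValidationCallback` on the chris21 request only, rather than to the process-wide `ServicePointManager.ServerCertificateValidationCallback`, so other connections keep default validation.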