Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Not a bug

Foreign Multivalued Group Transformation reports "Value cannot be null" for multivalued attribute with no members

Adrian Corston 5 years ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 3 years ago 5

Please see attached Broker configuration.  The "MIM LMS Group Users" connector generates records for groups, with a multivalued field "PersonNumbers" that is then used by the "MIM LMS Person" adapter in a Foreign Multivalued Group Transformation to generate the DNs of the groups each user is a member of.  When a group has no members, running an Import All on the connector causes a "Value cannot be null" error to be logged.  If I change the source data to not include any groups with no PersonNumbers data then the error does not occur

As a workaround, I've inserted a dummy value into blank PersonNumbers field values as shown here:

Image 5744

I tried to replicate this issue in a simpler Broker instance, but I could not sorry.

Answer

Closing this one as it wasn't reproducible and no further information provided. Feel free to re-open if further information arises, or the problem resurfaces elsewhere.

0
Planned

PowerShell schema refresh with changed Required attribute on a field isn't detected and doesn't Merge

Adrian Corston 5 years ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 2 years ago 2

After changing the Required flag for a field in my PowerShell schema script, I re-ran Request Schema and the UI didn't show any fields as changed.  After I Merged Changes the field was not updated, and I had to update the Required flag manually.

It seems a reasonable expectation that a change of any field attribute should be flagged by the UI and applied when Merge is clicked.

0
Answered

Cannot configure MIM to export to UNIFYBroker DN field - UI says "Field is read-only"

Adrian Corston 5 years ago in UNIFYBroker Service updated 5 years ago 7

I am trying to configure an export flow in MIM for a DN field in UNIFYBroker, and I see this error:

Image 5737

However, when I use LDP.exe to connect to UNIFYBroker via the LDAP gateway I can Add or Replace a DN value in that field successfully, so the limitation appears to be in the UNIFYBroker ECMA2 DLL rather than in UNIFYBroker itself.

Could you please advise if this is the expected behaviour?  If it is then could you comment on why the limitation exists and advise what we should do as a workaround?

Answer

Closing with assumption that this fix has been successful. Feel free to reopen the ticket if the issue persists.

Patch will be available in the next release of UNIFYBroker.

0
Fixed

Adapter with a Foreign Multivalue Group can't be enabled and no schema rows show in the UI

Adrian Corston 5 years ago in UNIFYBroker SDK and UNIFYCore updated by Bob Bradley 4 years ago 9

I added a Foreign Multivalue Group transform to an Adapter and the schema rows no longer showed.  When I then enabled the Adapter an error appeared: "Object reference not set to an instance of an object at Unify.Product.IdentityBroker.TemplateDistinguishedNameParser.ParseTemplate".

Connector "Owners":

Image 5725

Connector "Things":

Image 5726

Adapter:

Image 5727

Image 5728


Here is the transform (against the Owners connector):

Image 5724

When I attempt to enable the Adapter this error appears:

Image 5729

If I remove the Transform then the Adapter's schema re-appears:

Image 5730

If I attempt to edit the Transform an error appears:

Image 5731

Logs & Extensibility attached to next comment.

0
Declined

Deadlock stopping Generate Changes operation from completing successfully

Tom Parker 5 years ago updated by Matthew Davis (Technical Product Manager) 3 years ago 4

We've got a site where the adapter entities have been cleared and on a generate changes only one or two thousand entities get processed with one time the following error occurring:

"Transaction (Process ID 124) was deadlocked on lock resources with
another process and has been chosen as the deadlock victim. Rerun the
transaction.."

It looks like since the connector schedules haven't been disabled that they're running imports that are causing the database to deadlock, aborting the reflection process. I had a look through the documentation in the knowledge base but I couldn't find anything that confirms my suspicion.


What I'm looking for is confirmation that UNIFYBroker does hit a deadlock when a reflection and an import occur at the same on the same connector so I can advise the client on what to do in the future to avoid this (i.e., disable the schedules when doing a re-population).

Answer

Closing as this is being investigated at a deeper level on other backlog items, but no further information was provided on this individual item.

Feel free to re-open if it continues to be a common behaviour.

0
Planned

REST API returns null ExtendedUrn for SCIM gateways

The UNIFYBroker API returns null for SCIM gateways:

Image 5709

Image 5710

This is not the case for other gateway types, e.g. LDAP (example above).

0
Fixed

UNIFYBroker GUI reporting service unavailable intermittently

Hayden Gray 5 years ago updated by Beau Harrison (Senior Product Software Engineer) 4 years ago 12

Hello,


Not sure if this has been reported before, but couldn't see anything on my quick look. I am currently in an environment running Broker v5.3.1 Revision #4, and am experiencing what appears to be a UI bug where randomly the web page will begin to display "Service Unavailable" all over the page.

Image 5696

After several seconds to a minute or two, the page will then flick back to normal and continue in this pattern. Some days it will happen more often than others, with no increase in job frequency. Occasionally a service restart will improve the frequency of it occurring, however it will slowly return over time.

I've investigated a bit and it appears to not noticeably affect the current running jobs in UNIFYBroker, nor importing running from Broker into MIM. I have also see it happens more frequently when jobs are running in Broker, but not attributed to any one job in particular. There are also no errors in the Event Log, however there are some in the UNIFYBroker log, though they don't appear to be UI specific, nor can I say I have seen these on every occasion this happens.

The error I'm referring to in particular is:

"Unable to raise complete notification:

System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)
at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout)
at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout)
at Unify.Framework.Collections.ThreadsafeObjectQueueBase`2.Push(TItem item)
at Unify.Framework.Notification.TaskNotifier`1.Dispose()
"

If you need any more information just let me know.

Thanks

0
Not a bug

REST API Link/PowerShell/UpdateProvisioningTask fails with error ""

Using swagger I see the following error when I call the Link/PowerShell/UpdateProvisioningTask function:

Image 5690

Image 5691

The full response body is:

{
"Message": "An error has occurred.",
"ExceptionMessage": "Index was out of range. Must be non-negative and less than the size of the collection.\r\nParameter name: index",
"ExceptionType": "System.ArgumentOutOfRangeException",
"StackTrace": " at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)\r\n at System.Collections.Generic.List`1.set_Item(Int32 index, T value)\r\n at Unify.Product.Plus.LinkEngine.<>c__DisplayClass92_0.<UpdateProvisioningTask>b__0()\r\n at Unify.Product.Plus.LinkEngine.<>c__DisplayClass161_0.<ConfigurationChange>b__0()\r\n at Unify.Framework.ExtensionMethods.WaitOnMutex(Mutex mutex, Action work)\r\n at Unify.Product.Plus.LinkEngine.UpdateProvisioningTask(Guid linkId, Boolean incoming, ProvisioningStep step, IProvisioningTaskInformation taskInformation)\r\n at Unify.Product.Plus.LinkEngineAuditingDecorator.UpdateProvisioningTask(Guid linkId, Boolean incoming, ProvisioningStep step, IProvisioningTaskInformation taskInformation)\r\n at Unify.Product.Plus.LinkEngineNotifierDecorator.<>c__DisplayClass50_0.<UpdateProvisioningTask>b__0()\r\n at Unify.Framework.Notification.NotifierDecoratorBase.Notify(ITaskNotificationFactory notificationFactory, Action action)\r\n at Unify.Product.Plus.LinkControllerBase.InnerUpdateProvisioningTask[TExtended](Guid linkId, Boolean incoming, ProvisioningStep step, Guid taskId, IProvisioningTaskApiInformation`1 taskInformation, XElement extended)\r\n at Unify.Product.Plus.LinkController.UpdatePowerShellProvisioningTask(Guid linkId, Boolean incoming, ProvisioningStep step, Guid taskId, PowerShellProvisioningTaskApiInformation taskInformation)\r\n at lambda_method(Closure , Object , Object[] )\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClassc.<GetExecutor>b__6(Object instance, Object[] methodParameters)\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()"
}

I will attach my configuration extensibility files to the next comment.

0
Planned

Link/GetProvisioningInformation REST API returns structure with two nested Extended attribute

JSON objects returned by a REST API call to Link/GetProvisioningInformation contains task informations with two nested Extended attributes.  As a comparison point, only one Extended attribute may be specified in the task information object when calling Link/PowerShell/AddProvisioningTask, so this seems inconsistent and may be wrong.

Image 5689

Also, as a minor point the Example value for this call is not particularly helpful - it looks like an XML data structure converted to JSON and doesn't reflect the structure of data the call typically returns on a live system.

0
Not a bug

Two operation lists in an exclusion group both ran concurrently

Adrian Corston 5 years ago updated by Beau Harrison (Senior Product Software Engineer) 5 years ago 4

At 17/03/2020 15:30:00 UNIFYNow attempted to run the Daily Full Cycle 2nd Step operation list, despite the presence of an exclusion group which also contained the Daily Full Cycle 1st Step operation list which was still running the last operation it contains at that time (MDR South Employees Management Agent Full Import Full Sync):

Image 5670

Image 5672

Image 5676

Image 5675


Image 5674


The issue was evidenced by the failed attempt to run the first operation of the 2nd Step operation list (MDR Master FIFS):

Image 5673

The MDR South FIFS (last operation of the 1st Step operation list) was definitely run by UNIFYNow, and not manually from the MIM Sync Service Manager.

Log and extensibility files will be attached to the next comment.