Identity Broker Forum
Welcome to the community forum for Identity Broker.
Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.
Foreign Multivalued Group Transformation reports "Value cannot be null" for multivalued attribute with no members
Please see attached Broker configuration. The "MIM LMS Group Users" connector generates records for groups, with a multivalued field "PersonNumbers" that is then used by the "MIM LMS Person" adapter in a Foreign Multivalued Group Transformation to generate the DNs of the groups each user is a member of. When a group has no members, running an Import All on the connector causes a "Value cannot be null" error to be logged. If I change the source data to not include any groups with no PersonNumbers data then the error does not occur
As a workaround, I've inserted a dummy value into blank PersonNumbers field values as shown here:
I tried to replicate this issue in a simpler Broker instance, but I could not sorry.
Closing this one as it wasn't reproducible and no further information provided. Feel free to re-open if further information arises, or the problem resurfaces elsewhere.
PowerShell schema refresh with changed Required attribute on a field isn't detected and doesn't Merge
After changing the Required flag for a field in my PowerShell schema script, I re-ran Request Schema and the UI didn't show any fields as changed. After I Merged Changes the field was not updated, and I had to update the Required flag manually.
It seems a reasonable expectation that a change of any field attribute should be flagged by the UI and applied when Merge is clicked.
Cannot configure MIM to export to UNIFYBroker DN field - UI says "Field is read-only"
I am trying to configure an export flow in MIM for a DN field in UNIFYBroker, and I see this error:
However, when I use LDP.exe to connect to UNIFYBroker via the LDAP gateway I can Add or Replace a DN value in that field successfully, so the limitation appears to be in the UNIFYBroker ECMA2 DLL rather than in UNIFYBroker itself.
Could you please advise if this is the expected behaviour? If it is then could you comment on why the limitation exists and advise what we should do as a workaround?
Closing with assumption that this fix has been successful. Feel free to reopen the ticket if the issue persists.
Patch will be available in the next release of UNIFYBroker.
Adapter with a Foreign Multivalue Group can't be enabled and no schema rows show in the UI
I added a Foreign Multivalue Group transform to an Adapter and the schema rows no longer showed. When I then enabled the Adapter an error appeared: "Object reference not set to an instance of an object at Unify.Product.IdentityBroker.TemplateDistinguishedNameParser.ParseTemplate".
Connector "Owners":
Connector "Things":
Adapter:
Here is the transform (against the Owners connector):
When I attempt to enable the Adapter this error appears:
If I remove the Transform then the Adapter's schema re-appears:
If I attempt to edit the Transform an error appears:
Logs & Extensibility attached to next comment.
Deadlock stopping Generate Changes operation from completing successfully
We've got a site where the adapter entities have been cleared and on a generate changes only one or two thousand entities get processed with one time the following error occurring:
"Transaction (Process ID 124) was deadlocked on lock resources with
another process and has been chosen as the deadlock victim. Rerun the
transaction.."
It looks like since the connector schedules haven't been disabled that they're running imports that are causing the database to deadlock, aborting the reflection process. I had a look through the documentation in the knowledge base but I couldn't find anything that confirms my suspicion.
What I'm looking for is confirmation that UNIFYBroker does hit a deadlock when a reflection and an import occur at the same on the same connector so I can advise the client on what to do in the future to avoid this (i.e., disable the schedules when doing a re-population).
Closing as this is being investigated at a deeper level on other backlog items, but no further information was provided on this individual item.
Feel free to re-open if it continues to be a common behaviour.
REST API returns null ExtendedUrn for SCIM gateways
The UNIFYBroker API returns null for SCIM gateways:
This is not the case for other gateway types, e.g. LDAP (example above).
UNIFYBroker GUI reporting service unavailable intermittently
Hello,
Not sure if this has been reported before, but couldn't see anything on my quick look. I am currently in an environment running Broker v5.3.1 Revision #4, and am experiencing what appears to be a UI bug where randomly the web page will begin to display "Service Unavailable" all over the page.
After several seconds to a minute or two, the page will then flick back to normal and continue in this pattern. Some days it will happen more often than others, with no increase in job frequency. Occasionally a service restart will improve the frequency of it occurring, however it will slowly return over time.
I've investigated a bit and it appears to not noticeably affect the current running jobs in UNIFYBroker, nor importing running from Broker into MIM. I have also see it happens more frequently when jobs are running in Broker, but not attributed to any one job in particular. There are also no errors in the Event Log, however there are some in the UNIFYBroker log, though they don't appear to be UI specific, nor can I say I have seen these on every occasion this happens.
The error I'm referring to in particular is:
"Unable to raise complete notification:
System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)
at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout)
at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout)
at Unify.Framework.Collections.ThreadsafeObjectQueueBase`2.Push(TItem item)
at Unify.Framework.Notification.TaskNotifier`1.Dispose()"
If you need any more information just let me know.
Thanks
REST API Link/PowerShell/UpdateProvisioningTask fails with error ""
Using swagger I see the following error when I call the Link/PowerShell/UpdateProvisioningTask function:
The full response body is:
{
"Message": "An error has occurred.",
"ExceptionMessage": "Index was out of range. Must be non-negative and less than the size of the collection.\r\nParameter name: index",
"ExceptionType": "System.ArgumentOutOfRangeException",
"StackTrace": " at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)\r\n at System.Collections.Generic.List`1.set_Item(Int32 index, T value)\r\n at Unify.Product.Plus.LinkEngine.<>c__DisplayClass92_0.<UpdateProvisioningTask>b__0()\r\n at Unify.Product.Plus.LinkEngine.<>c__DisplayClass161_0.<ConfigurationChange>b__0()\r\n at Unify.Framework.ExtensionMethods.WaitOnMutex(Mutex mutex, Action work)\r\n at Unify.Product.Plus.LinkEngine.UpdateProvisioningTask(Guid linkId, Boolean incoming, ProvisioningStep step, IProvisioningTaskInformation taskInformation)\r\n at Unify.Product.Plus.LinkEngineAuditingDecorator.UpdateProvisioningTask(Guid linkId, Boolean incoming, ProvisioningStep step, IProvisioningTaskInformation taskInformation)\r\n at Unify.Product.Plus.LinkEngineNotifierDecorator.<>c__DisplayClass50_0.<UpdateProvisioningTask>b__0()\r\n at Unify.Framework.Notification.NotifierDecoratorBase.Notify(ITaskNotificationFactory notificationFactory, Action action)\r\n at Unify.Product.Plus.LinkControllerBase.InnerUpdateProvisioningTask[TExtended](Guid linkId, Boolean incoming, ProvisioningStep step, Guid taskId, IProvisioningTaskApiInformation`1 taskInformation, XElement extended)\r\n at Unify.Product.Plus.LinkController.UpdatePowerShellProvisioningTask(Guid linkId, Boolean incoming, ProvisioningStep step, Guid taskId, PowerShellProvisioningTaskApiInformation taskInformation)\r\n at lambda_method(Closure , Object , Object[] )\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClassc.<GetExecutor>b__6(Object instance, Object[] methodParameters)\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()"
}
I will attach my configuration extensibility files to the next comment.
Link/GetProvisioningInformation REST API returns structure with two nested Extended attribute
JSON objects returned by a REST API call to Link/GetProvisioningInformation contains task informations with two nested Extended attributes. As a comparison point, only one Extended attribute may be specified in the task information object when calling Link/PowerShell/AddProvisioningTask, so this seems inconsistent and may be wrong.
Also, as a minor point the Example value for this call is not particularly helpful - it looks like an XML data structure converted to JSON and doesn't reflect the structure of data the call typically returns on a live system.
Two operation lists in an exclusion group both ran concurrently
At 17/03/2020 15:30:00 UNIFYNow attempted to run the Daily Full Cycle 2nd Step operation list, despite the presence of an exclusion group which also contained the Daily Full Cycle 1st Step operation list which was still running the last operation it contains at that time (MDR South Employees Management Agent Full Import Full Sync):
The issue was evidenced by the failed attempt to run the first operation of the 2nd Step operation list (MDR Master FIFS):
The MDR South FIFS (last operation of the 1st Step operation list) was definitely run by UNIFYNow, and not manually from the MIM Sync Service Manager.
Log and extensibility files will be attached to the next comment.
Customer support service by UserEcho