The UNIFYBroker API returns null for SCIM gateways:

This is not the case for other gateway types, e.g. LDAP (example above).

Hello,

Not sure if this has been reported before, but couldn't see anything on my quick look. I am currently in an environment running Broker v5.3.1 Revision #4, and am experiencing what appears to be a UI bug where randomly the web page will begin to display "Service Unavailable" all over the page.

After several seconds to a minute or two, the page will then flick back to normal and continue in this pattern. Some days it will happen more often than others, with no increase in job frequency. Occasionally a service restart will improve the frequency of it occurring, however it will slowly return over time.

I've investigated a bit and it appears to not noticeably affect the current running jobs in UNIFYBroker, nor importing running from Broker into MIM. I have also see it happens more frequently when jobs are running in Broker, but not attributed to any one job in particular. There are also no errors in the Event Log, however there are some in the UNIFYBroker log, though they don't appear to be UI specific, nor can I say I have seen these on every occasion this happens.

The error I'm referring to in particular is:

"Unable to raise complete notification:

System.ApplicationException: This operation returned because the timeout period expired. (Exception from HRESULT: 0x800705B4)
at System.Threading.ReaderWriterLock.AcquireWriterLockInternal(Int32 millisecondsTimeout)
at System.Threading.ReaderWriterLock.AcquireWriterLock(TimeSpan timeout)
at Unify.Framework.Collections.ThreadsafeObjectQueueBase`2.Push(TItem item)
at Unify.Framework.Notification.TaskNotifier`1.Dispose()"

If you need any more information just let me know.

Thanks

Using swagger I see the following error when I call the Link/PowerShell/UpdateProvisioningTask function:

The full response body is:

{
"Message": "An error has occurred.",
"ExceptionMessage": "Index was out of range. Must be non-negative and less than the size of the collection.\r\nParameter name: index",
"ExceptionType": "System.ArgumentOutOfRangeException",
"StackTrace": " at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)\r\n at System.Collections.Generic.List`1.set_Item(Int32 index, T value)\r\n at Unify.Product.Plus.LinkEngine.<>c__DisplayClass92_0.<UpdateProvisioningTask>b__0()\r\n at Unify.Product.Plus.LinkEngine.<>c__DisplayClass161_0.<ConfigurationChange>b__0()\r\n at Unify.Framework.ExtensionMethods.WaitOnMutex(Mutex mutex, Action work)\r\n at Unify.Product.Plus.LinkEngine.UpdateProvisioningTask(Guid linkId, Boolean incoming, ProvisioningStep step, IProvisioningTaskInformation taskInformation)\r\n at Unify.Product.Plus.LinkEngineAuditingDecorator.UpdateProvisioningTask(Guid linkId, Boolean incoming, ProvisioningStep step, IProvisioningTaskInformation taskInformation)\r\n at Unify.Product.Plus.LinkEngineNotifierDecorator.<>c__DisplayClass50_0.<UpdateProvisioningTask>b__0()\r\n at Unify.Framework.Notification.NotifierDecoratorBase.Notify(ITaskNotificationFactory notificationFactory, Action action)\r\n at Unify.Product.Plus.LinkControllerBase.InnerUpdateProvisioningTask[TExtended](Guid linkId, Boolean incoming, ProvisioningStep step, Guid taskId, IProvisioningTaskApiInformation`1 taskInformation, XElement extended)\r\n at Unify.Product.Plus.LinkController.UpdatePowerShellProvisioningTask(Guid linkId, Boolean incoming, ProvisioningStep step, Guid taskId, PowerShellProvisioningTaskApiInformation taskInformation)\r\n at lambda_method(Closure , Object , Object[] )\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClassc.<GetExecutor>b__6(Object instance, Object[] methodParameters)\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Filters.AuthorizationFilterAttribute.<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()"
}

I will attach my configuration extensibility files to the next comment.

JSON objects returned by a REST API call to Link/GetProvisioningInformation contains task informations with two nested Extended attributes.  As a comparison point, only one Extended attribute may be specified in the task information object when calling Link/PowerShell/AddProvisioningTask, so this seems inconsistent and may be wrong.

Also, as a minor point the Example value for this call is not particularly helpful - it looks like an XML data structure converted to JSON and doesn't reflect the structure of data the call typically returns on a live system.

At 17/03/2020 15:30:00 UNIFYNow attempted to run the Daily Full Cycle 2nd Step operation list, despite the presence of an exclusion group which also contained the Daily Full Cycle 1st Step operation list which was still running the last operation it contains at that time (MDR South Employees Management Agent Full Import Full Sync):

The issue was evidenced by the failed attempt to run the first operation of the 2nd Step operation list (MDR Master FIFS):

The MDR South FIFS (last operation of the 1st Step operation list) was definitely run by UNIFYNow, and not manually from the MIM Sync Service Manager.

Log and extensibility files will be attached to the next comment.

When editing the FTP Agent timeout, the value entered is not saved and always resets back to 00:00:00.

v5.3.2 Revision #0

Hi All,

Noticed a ticket in voice with basically the same error as the one below. Adam noted an internal change made by google as the cause of the error (https://voice.unifysolutions.net/communities/6/topics/2802-google-apps-group-import-error). Would you be able to take a look and see if this is the same scenario. This occurrence is likely for the same client as the ticket linked.

Change detection engine import all items failed.
Change detection engine import all items for connector Google STAFF: Groups Connector failed with reason One or more errors occurred.. Duration: 00:14:34.7327688
Error details:
System.AggregateException: One or more errors occurred. ---> System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message "Google.Apis.Requests.RequestError
Invalid Value [400]
Errors [
Message[Invalid Value] Location[ - ] Reason[invalid] Domain[global]
]
". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError
Invalid Value [400]
Errors [
Message[Invalid Value] Location[ - ] Reason[invalid] Domain[global]
]

at Google.Apis.Requests.ClientServiceRequest`1.Execute()
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass69_3`1.b__1()
at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException)
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass83_0.b__2(Tuple`2 group)
at System.Threading.Tasks.Parallel.<>c__DisplayClass17_0`1.b__1()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass176_0.b__0(Object )
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Parallel.ForWorker[TLocal](Int32 fromInclusive, Int32 toExclusive, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Func`4 bodyWithLocal, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEachWorker[TSource,TLocal](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Action`3 bodyWithStateAndIndex, Func`4 bodyWithStateAndLocal, Func`5 bodyWithEverything, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEach[TSource](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body)
at Unify.Product.IdentityBroker.GoogleAgent.ProcessedGroups(Func`1 getDirectoryService, Func`1 getGroupsSettingsService, ConcurrentBag`1 directoryServices, ConcurrentBag`1 groupsSettingsServices, GroupEntityAdapter groupAdapter, GroupSettingsEntityAdapter groupSettingAdapter, IGroupMembersEntityAdapter groupMembersAdapter, IEnumerable`1 groupsValue, Boolean manageGroupSettings, GroupMembersReadMethod groupMembersReadMethod, String[] groupNameSuffixWhitelistFilter)
at Unify.Product.IdentityBroker.GoogleAgent.d__57.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
---> (Inner Exception #0) System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message "Google.Apis.Requests.RequestError
Invalid Value [400]
Errors [
Message[Invalid Value] Location[ - ] Reason[invalid] Domain[global]
]
". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError
Invalid Value [400]
Errors [
Message[Invalid Value] Location[ - ] Reason[invalid] Domain[global]
]

at Google.Apis.Requests.ClientServiceRequest`1.Execute()
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass69_3`1.b__1()
at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException)
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass83_0.b__2(Tuple`2 group)
at System.Threading.Tasks.Parallel.<>c__DisplayClass17_0`1.b__1()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass176_0.b__0(Object )<---

UNIFYBroker Version: v5.3.1 Revision #4

Google Connector Version: v5.3.2.0

Let me know if you need any further information.

Thank you

Hi Gents,

Raising this ticket out of a support request from DIIS (Industry). They are looking to transition to a cloud hosted instance of Aurion, and to use a proxy server to provide a bridge between the 2.

However it appears the proxy settings for the Aurion agent are being ignored in communications.

They are on:

• Identity Broker Service v5.2.1.0
• Identity Broker for Aurion v5.2.0.1

They have provided the following (santitised) agent configuration:

<?xml version="1.0" encoding="utf-8"?>

<agentengine>

<agents>

<agent name="Aurion" id="9cd4a7d7-2852-40d5-afc4-089102472dc7" type="Unify.Agent.Aurion" description="
{COMMENTS REMOVED}">

<extended>

<communicator credentialsoptions="None" uri="https://api.aurion.cloud/{instance_name_removed}/production/servlet/services/ev397_aurion_ws?wsdl" ignorecertificateerrorslevel="Default" preauthenticate="false" usedefaulttimeout="false" timeout="PT55M" proxyoptions="Custom" proxyuri="http://{ PROXYIP}:8080/" proxycredentialsoptions="Default">

</communicator></extended></agent></agents></agentengine>

I've spoken with Matt, and apparently there is a known issue with version 5.2 and a fix which addresses this issue. (Not currently available on Voice).

I am building a customer solution that requires an email to be sent to a user's manager when that user's attribute changes to a particular value (i.e. employeeState from "pending" to "active").

How can I implement this in UNIFYBroker/Plus?  This is functionality that is likely to be generally necessary, as customers often have a requirement to initiate a once-off event/action in response to a user's changed circumstances.

Even though a SCIM connection from Azure UNIFYBroker successfully created a new user in AD, it also logged an error.

Log and config attached.

create-success.pcapng

Extensibility.zip

UnifyLog20200212.zip