Identity Broker Forum
Can't edit the FTP Agent timeout
When editing the FTP Agent timeout, the value entered is not saved and always resets back to 00:00:00.
v5.3.2 Revision #0
Patch for this one, should go in the /Services/ directory of Broker. Will be included in the next 5.3 rollup release.
Following error started appearing on google apps connector
Hi All,
Noticed a ticket in Voice with basically the same error as the one below. Adam noted an internal change made by Google as the cause of the error (https://voice.unifysolutions.net/communities/6/topics/2802-google-apps-group-import-error). Would you be able to take a look and see if this is the same scenario? This occurrence is likely for the same client as the ticket linked.
Change detection engine import all items failed.
Change detection engine import all items for connector Google STAFF: Groups Connector failed with reason One or more errors occurred.. Duration: 00:14:34.7327688
Error details:
System.AggregateException: One or more errors occurred. ---> System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message "Google.Apis.Requests.RequestError
Invalid Value [400]
Errors [
Message[Invalid Value] Location[ - ] Reason[invalid] Domain[global]
]
". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError
Invalid Value [400]
Errors [
Message[Invalid Value] Location[ - ] Reason[invalid] Domain[global]
]
at Google.Apis.Requests.ClientServiceRequest`1.Execute()
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass69_3`1.b__1()
at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException)
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass83_0.b__2(Tuple`2 group)
at System.Threading.Tasks.Parallel.<>c__DisplayClass17_0`1.b__1()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass176_0.b__0(Object )
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Parallel.ForWorker[TLocal](Int32 fromInclusive, Int32 toExclusive, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Func`4 bodyWithLocal, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEachWorker[TSource,TLocal](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Action`3 bodyWithStateAndIndex, Func`4 bodyWithStateAndLocal, Func`5 bodyWithEverything, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEach[TSource](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body)
at Unify.Product.IdentityBroker.GoogleAgent.ProcessedGroups(Func`1 getDirectoryService, Func`1 getGroupsSettingsService, ConcurrentBag`1 directoryServices, ConcurrentBag`1 groupsSettingsServices, GroupEntityAdapter groupAdapter, GroupSettingsEntityAdapter groupSettingAdapter, IGroupMembersEntityAdapter groupMembersAdapter, IEnumerable`1 groupsValue, Boolean manageGroupSettings, GroupMembersReadMethod groupMembersReadMethod, String[] groupNameSuffixWhitelistFilter)
at Unify.Product.IdentityBroker.GoogleAgent.d__57.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)
---> (Inner Exception #0) System.Exception: A Google API exception was thrown for call GroupsSettings.Get with message "Google.Apis.Requests.RequestError
Invalid Value [400]
Errors [
Message[Invalid Value] Location[ - ] Reason[invalid] Domain[global]
]
". See inner exception for details. Processing continued: False. ---> Google.GoogleApiException: Google.Apis.Requests.RequestError
Invalid Value [400]
Errors [
Message[Invalid Value] Location[ - ] Reason[invalid] Domain[global]
]
at Google.Apis.Requests.ClientServiceRequest`1.Execute()
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
--- End of inner exception stack trace ---
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass69_3`1.b__1()
at Unify.Product.IdentityBroker.GoogleAgent.ThrowIfPrimaryCall(Boolean primaryCall, Action throwException)
at Unify.Product.IdentityBroker.GoogleAgent.BackoffRetry[TResult](String logEvent, Boolean throwExceptions, Func`1 request, Action newClient, TResult& result, Int32 retries)
at Unify.Product.IdentityBroker.GoogleAgent.<>c__DisplayClass83_0.b__2(Tuple`2 group)
at System.Threading.Tasks.Parallel.<>c__DisplayClass17_0`1.b__1()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass176_0.b__0(Object )<---
UNIFYBroker Version: v5.3.1 Revision #4
Google Connector Version: v5.3.2.0
Let me know if you need any further information.
Thank you
Aurion agent proxy settings don't appear to be working
Hi Gents,
Raising this ticket out of a support request from DIIS (Industry). They are looking to transition to a cloud hosted instance of Aurion, and to use a proxy server to provide a bridge between the 2.
However it appears the proxy settings for the Aurion agent are being ignored in communications.
They are on:
- Identity Broker Service v5.2.1.0
- Identity Broker for Aurion v5.2.0.1
They have provided the following (sanitised) agent configuration:
<?xml version="1.0" encoding="utf-8"?>
<agentengine>
  <agents>
    <agent name="Aurion" id="9cd4a7d7-2852-40d5-afc4-089102472dc7" type="Unify.Agent.Aurion" description=" {COMMENTS REMOVED}">
      <extended>
        <communicator credentialsoptions="None"
                      uri="https://api.aurion.cloud/{instance_name_removed}/production/servlet/services/ev397_aurion_ws?wsdl"
                      ignorecertificateerrorslevel="Default"
                      preauthenticate="false"
                      usedefaulttimeout="false"
                      timeout="PT55M"
                      proxyoptions="Custom"
                      proxyuri="http://{ PROXYIP}:8080/"
                      proxycredentialsoptions="Default">
        </communicator>
      </extended>
    </agent>
  </agents>
</agentengine>
I've spoken with Matt, and apparently there is a known issue with version 5.2 and a fix which addresses this issue. (Not currently available on Voice).
Closing due to no response. If the patch hasn't fixed the issue, please feel free to re-open the ticket.
Initiating actions in UNIFYBroker/Plus on attribute value change
I am building a customer solution that requires an email to be sent to a user's manager when that user's attribute changes to a particular value (i.e. employeeState from "pending" to "active").
How can I implement this in UNIFYBroker/Plus? This is functionality that is likely to be generally necessary, as customers often have a requirement to initiate a once-off event/action in response to a user's changed circumstances.
User creation via SCIM gateway is successful but UNIFYBroker logs a SCIM operation error
Even though a SCIM connection from Azure UNIFYBroker successfully created a new user in AD, it also logged an error.
Log and config attached.
Closed due to no response. If the patch has caused issues or not resolved the root issue, please feel free to re-open the ticket.
Issues with SCIM gateway
- Authenticating
- What credentials?
- Purpose of "Secret Token" in Azure portal
- Querying (used for test connection)
- Null reference exception
- HTTPS
- Bad request returned from TLS1.2 Client Hello
Can't find any entities in a pre-provisioning outbound task during Baseline Sync for brand new entities in the Locker
I have a locker with a number of new entities that I am trying to provision to an adapter via a link. The underlying connector (AD, "group" object type) requires certain entity data attributes to be set that aren't available in the Locker, so I am trying to use an Outgoing Pre-Provisioning Task to set those attributes. However, I cannot see any entities in the Pre-Provisioning Task.
I followed these instructions:
Here is my synchronously executed outgoing pre-provisioning task:
$ProvisioningOU = "OU=Azure Entitlements Demo,DC=adrian,DC=unifysolutions,DC=net"
$Logger.LogInformation("***** Pre-Provision to '$ProvisioningOU' *****")

foreach ($entity in $sourceEntities) {
    $Logger.LogInformation("***** Pre-Provision sourceEntity *****")
}

foreach ($entity in $targetEntities) {
    $Logger.LogInformation("***** Pre-Provision targetEntity *****")
    $cn = $entity.SourceEntity["displayName"]
    $dn = "CN=$cn,$ProvisioningOU"
    $entity["ActiveDirectoryGroupDn"] = $dn
    $Logger.LogInformation("Provision '$cn' to $dn")
}

foreach ($entity in $joinedEntities) {
    $Logger.LogInformation("***** Pre-Provision joinedEntity *****")
}

$Logger.LogInformation("***** Pre-Provision Done *****")
Here is what I see in the error log (set to Diagnostic):
There do not appear to be any entities being passed to the Task. The 5 entities not currently provisioned are marked as Incomplete (the other entity is pre-existing in the target connector/adapter).
In the Pre-Provisioning Task, how can I access the entities that are to be provisioned?
Fantastic job with the REST API!
Blown away with how easy this is to work with - just needed a little push in the right direction and it worked a treat with minimal effort. Endless possibilities here - particularly with scripted deployment!
Thanks guys!
Hey Bob,
Thanks for the great feedback! There are some nuances with the client generation, if you change the address to localhost you will have more luck. Otherwise, you can use an external tool (such as NSwagStudio) to achieve the same outcome.
PowerShell transformation recalculation
We have staff details sourced from an Oracle table; example fields are EmployeeNumber, StartDate and LastUpdated. The requirement is to activate the staff account seven days before the start date. We calculate the AccountStatus in a PowerShell transformation, i.e. Active or Inactive based on the StartDate. UNIFYBroker is configured to run a full import every hour.
For example, a new staff member is added into the source system on 20-Dec-2019; and after 20-Dec-2019 the record is not updated in the source system, below is the state.
| Staff Connector | Staff Adapter |
| EmployeeNumber = 123456, StartDate = 2-Jan-2020, LastUpdated = 20-Dec-2019 | EmployeeNumber = 123456, StartDate = 2-Jan-2020, LastUpdated = 20-Dec-2019, AccountStatus = Inactive |
As per the requirement, staff should be enabled on 27-Dec-2019. On 2-Jan-2020 the following was the state.
| Staff Connector | Staff Adapter |
| EmployeeNumber = 123456, StartDate = 2-Jan-2020, LastUpdated = 20-Dec-2019 | EmployeeNumber = 123456, StartDate = 2-Jan-2020, LastUpdated = 20-Dec-2019, AccountStatus = Inactive |
However, when we execute Advanced Operations --> Generate Changes manually AccountStatus was updated to ‘Active’.
It appears that if there is no change to the connector entity the adapter’s PowerShell transformation is not recalculated even on connector's full import.
Is there a workaround?
PowerShell transformations now have the ability to register fields with change detection in the latest 5.3 release.
Information on the capability is available on this ticket; documentation will be updated in the future to include proper usage of this capability:
LdapOperationException: Found multiple entities with the distinguished name
Hi,
Unify.IdentityBroker.FIMAdapter.dll is generating an error during a Delta import, but works fine with a Full Import:
The extensible extension returned an unsupported error.
The stack trace is:
"Unify.Product.IdentityBroker.LdapOperationException: Found multiple entities with the distinguished name 'CN=00******,OU=Staff,DC=IdentityBroker'.
at Unify.Product.IdentityBroker.LdapConnection.SendRequest(ILdapRequest request)
at Unify.Product.IdentityBroker.LdapConnectionProxy.d__8.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.d__30.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at Unify.Product.IdentityBroker.ExtensionMethods.Take[TSource](IEnumerator`1 source, Int32 count, IList`1& items)
at Unify.Product.IdentityBroker.ExtensionMethods.d__3`1.MoveNext()
at Unify.Product.IdentityBroker.ImportProxy.Import(GetImportEntriesRunStep importRunStep)
at Unify.Product.IdentityBroker.UnifyLdapConnector.GetImportEntries(GetImportEntriesRunStep importRunStep)
Forefront Identity Manager 4.4.1749.0"
Each time the error occurs, it is a different user.
I have checked in the UNIFYBroker connector and adapter, there is only one entry for this user. I checked in ADSI, only one record as well.
There are 3 connectors plugged to UNIFYBroker, all connectors have already got this issue in the past.
The database is on a load-balanced cluster.
Do you have any idea why this error occurs?
UNIFYBroker v.5.3.1 RC2
Unify.IdentityBroker.FIMAdapter.dll v5.3.0
Hi Anthony
This is a known issue with this release of Broker, not the MA. I recommend upgrading to the latest release, Broker v5.3.2 RTM, which contains the fix for this issue.