Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

Connector Entity Search Screen Issue

Rizwan Ahmed 5 years ago updated by Beau Harrison (Senior Product Software Engineer) 5 years ago 5

On UNIFYBroker Service v5.3.2 RTM navigate to Connector Entity Search screen, click on any entity ID

Image 5285

The browser navigates back to the Connectors screen rather than presenting the full details of the record.

Image 5286

0
Planned

UNIFYBroker for chris21 v5.3.0 RTM Agent UI Issue

For the Chirs21 connector on the Agent screen Logon Application field should be optional. In the UNIFYBroker for chris21 v5.3.0 RTM it is mandatory.

0
Answered

Broker Plus Incompletes in sync from adapter to locker

Daniel Walters 5 years ago in UNIFYBroker/Plus updated 5 years ago 10

I'm getting this in the log files

Request to sync adapter to locker completed.

Sychronization job completed syncing 524 changes on the 'Active Directory to Person' link from the adapter to the locker. Delayed: 0 Incomplete :524 Denied: 0 Job ID <guid> Duration <time>

What does the incomplete status mean?

Answer

Looks like that link is not configured to provision. Is your locker empty? If the link doesn't provision and there is nothing to join onto, then that will also count as incomplete.

0
Answered

Cannot retreive schema for Chris21 DET connector

Jack Cheng 5 years ago in UNIFYBroker/Frontier ichris/chris21 updated 5 years ago 7

Chris21 DET Connector is configured as follow:

Image 5256

However, retrieving schema failed with the below error in the log:

20190628,03:22:53,UNIFYBroker,Logging Engine,Information,Log file started.,Minimal
20190628,03:22:53,UNIFYBroker,Connector Engine,Error,"The schema for 'c21 DET Connector' connector was not updated for the following reason: System.AggregateException: One or more errors occurred. ---> System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at Unify.Product.IdentityBroker.Chris21RecordtoChris21FieldDefinitionsAdapter.Transform(IChris21Record sourceValue, Boolean showTranslations)
at Unify.Product.IdentityBroker.Chris21Agent.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Chris21ConnectorBase.d__33.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Unify.Product.IdentityBroker.Chris21ConnectorSchemaProvider.GetSchema(ISchemaProviderFactoryInformation factoryInformation)
at Unify.Product.IdentityBroker.ConnectorEngine.SchemaProviderResult(IOperationalConnector`1 operationalConnector, Func`2 selector, IEnumerable`1 appliedFields)
---> (Inner Exception #0) System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at Unify.Product.IdentityBroker.Chris21RecordtoChris21FieldDefinitionsAdapter.Transform(IChris21Record sourceValue, Boolean showTranslations)
at Unify.Product.IdentityBroker.Chris21Agent.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Chris21ConnectorBase.d__33.MoveNext()<---
",Normal

Same error with a new Unify.IdentityBroker database as well.

The Frontiner chris21 agent connects without any error.

Image 5257

Answer

Run the following in the GTR form in chris21. This will run the same query the connector uses to retrieve its schema.

cbr="componentlist",screen="DET"
0
Answered

Binding UNIFYBroker endpoint/API to https

Paul Zelenewicz 6 years ago updated by Beau Harrison (Senior Product Software Engineer) 5 years ago 5

Hi team, 

Is it possible to bind the UNIFYBroker API/endpoint (http://servername:5999[0/1]) to https?

Answer

Hi Paul, we don't have it documented, but it is possible.

  1. Ensure you certificate is installed as a local machine certificate, not a user certificate.
  2. Follow these instructions To bind an SSL certificate to a port number. The appid can be any valid GUID.
  3. Update the configuration for the API. If you're modifying the default API, make sure you have a correctly configured web component ready to confirm the API changes.

Let me know if anything is incorrect or unclear. I'll turn these instructions into proper documentation based on your feedback.

0
Answered

Broker Plus: Error Exporting to AD

The versions are 5.3.2 for broker and 4.3.0 for AD with a provided patch. Plus is v5.3.0.2.  I'm attempting to export to AD with Broker Plus but getting this unknown error. The permissions in AD are right. The connection is right, Test Connection works and I'm getting user in when I import with the connector. When I run a baseline on the AD to Person link, I wait a while then this error appears in the log. The operations that should be ocurring are a DN rename and some attribute modifies.

Update entities to connector failed.
Update entities [Count:2] to connector Active Directory failed with reason A task faulted. See inner exception for details.. Duration: 00:00:00.0156294
Error details:
System.Exception: A task faulted. See inner exception for details. ---> System.Exception: Received error code Other for item with dn CN=Jane Jones,OU=Win10 Canberra Users,OU=Win10 Users,DC=internal,DC=govt. Message: 00002089: UpdErr: DSID-031B0E6F, problem 5012 (DIR_ERROR), data 2
---> System.DirectoryServices.Protocols.DirectoryOperationException: An unknown error occurred.
Server stack trace:
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)
Exception rethrown at [0]:
at System.DirectoryServices.Protocols.LdapConnection.EndSendRequest(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Connectors.AD.ADAgent.<ErrorCheckRequest>d__24`1.MoveNext()
--- End of inner exception stack trace ---
at Unify.Connectors.AD.ADAgent.ErrorCheckResponse(String dn, DirectoryResponse response, String operationName, Exception originalException)
at Unify.Connectors.AD.ADAgent.<ErrorCheckRequest>d__24`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Connectors.AD.ADAgent.<MoveEntryAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Connectors.AD.ADConnector.<UpdateEntitiesAsync>d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.ConnectorToUpdatingAsyncConnectorBridge.<UpdateEntitiesAsync>d__8.MoveNext()
--- End of inner exception stack trace ---
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t)
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.EventNotifierUpdatingAsyncConnectorDecorator.<UpdateEntitiesAsync>d__3.MoveNext()

Any ideas?

Answer

Turned out to be a misplaced space in the DN calculation.

0
Answered

Aurion: Could not create SSL/TLS secure channel

Daniel Walters 6 years ago in UNIFYBroker/Aurion updated by Adam van Vliet 6 years ago 3

Connection to Aurion was working yesterday. I was surprised it worked with nothing done to do with certificates since the webservice is a https address but today it's stopped working: "Change detection engine import all items for connector Aurion Employee failed with reason The request was aborted: Could not create SSL/TLS secure channel" System.Net.WebException. Does this mean a certificate needs to be installed on the Broker server? Or maybe something needs to be updated in the exe config? I googled the error but it was just alot of code samples and code fixes to resolve the issue. No description of what's really causing the error.

Answer
Adam van Vliet 6 years ago

It mysteriously started working again with no change on my side. Not sure what the issue was.

0
Not a bug

"Active Directory User to Person" Link is processing a Locker and creating an Outgoing Change even though there is no corresponding linked (or able to be linked) Adapter object and Outgoing Provisioning is disabled

I am using Broker/Plus to only join to objects from Aurion to AD, and not to provision (i.e. Outgoing Provisioning is disabled).  For a user in Aurion (with corresponding Locker record) where there is no corresponding AD record (i.e. the join criteria are not met for any existing AD adapter objects) the Link still reports an Outgoing Change for that object.

I have 7 Lockers:

Image 5247

I have four users in AD:

Image 5248

When I run a Baseline Synchronization on the AD Link, I see this:

Image 5249

Note that there are 7 Outgoing Changes, even though there are only 4 objects in the AD Adapter, and Provisioning is disabled so it should not be provisioning new ones.

Log file attached:

UnifyLog20190624.csv

Answer

Hi Adrian,

This is the intended behaviour. As the information message states

... Ensure that either the field/s used in the join rules are correctly mapped or, if this link is not responsible for provisioning, the joining entities already exist. ...

Meaning that of the 7 entities being synchronized, 4 were OK since the mapped adapter entities existed. The remaining 3 have no mapped adapter entities, and cannot provision them since that is disabled, so are considered incomplete and not processed.

As long as the intended behaviour is for those three entities to not be synchronized, then you can ignore that information message.

0
Planned

Outgoing Provisioning tasks run even when Outgoing Provisioning is disabled

Adrian Corston 6 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 3 years ago 1

In Broker/Plus, outgoing provisioning tasks are run even when the outgoing provisioning flag is disabled.

That task can be used for out of band provisioning operations.  Since the configuration flag only turns off object provisioning via the target adapter (and not any out-of-band provisioning activities that the task performs) the flag isn't as useful as it could be and the flag operates in a manner that may be contrary to user expectations.

Image 5246

0
Not a bug

accountExpires missing when running Request Schema from AD

Adrian Corston 6 years ago in UNIFYBroker/Microsoft Active Directory updated by Adam van Vliet 6 years ago 4

When I run 'Request Schema' on the Broker/AD connector, the 'accessExpires' AD attribute does not appear.

How do I add this attribute to my connector so that I can synchronise it in Broker/Plus?

Answer
Adam van Vliet 6 years ago

It is capable of reading these fields. I've added an item to the backlog to improve usability.