Identity Broker Forum
Connector Entity Search Screen Issue
On UNIFYBroker Service v5.3.2 RTM, navigate to the Connector Entity Search screen and click on any entity ID.
The browser navigates back to the Connectors screen rather than presenting the full details of the record.
UNIFYBroker for chris21 v5.3.0 RTM Agent UI Issue
For the chris21 connector, the Logon Application field on the Agent screen should be optional. In UNIFYBroker for chris21 v5.3.0 RTM it is mandatory.
Broker Plus Incompletes in sync from adapter to locker
I'm getting this in the log files
Request to sync adapter to locker completed.
Sychronization job completed syncing 524 changes on the 'Active Directory to Person' link from the adapter to the locker. Delayed: 0 Incomplete :524 Denied: 0 Job ID <guid> Duration <time>
What does the incomplete status mean?
Looks like that link is not configured to provision. Is your locker empty? If the link doesn't provision and there is nothing to join onto, then that will also count as incomplete.
Cannot retrieve schema for Chris21 DET connector
Chris21 DET Connector is configured as follows:
However, retrieving schema failed with the below error in the log:
20190628,03:22:53,UNIFYBroker,Logging Engine,Information,Log file started.,Minimal
20190628,03:22:53,UNIFYBroker,Connector Engine,Error,"The schema for 'c21 DET Connector' connector was not updated for the following reason: System.AggregateException: One or more errors occurred. ---> System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at Unify.Product.IdentityBroker.Chris21RecordtoChris21FieldDefinitionsAdapter.Transform(IChris21Record sourceValue, Boolean showTranslations)
at Unify.Product.IdentityBroker.Chris21Agent.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Chris21ConnectorBase.d__33.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Unify.Product.IdentityBroker.Chris21ConnectorSchemaProvider.GetSchema(ISchemaProviderFactoryInformation factoryInformation)
at Unify.Product.IdentityBroker.ConnectorEngine.SchemaProviderResult(IOperationalConnector`1 operationalConnector, Func`2 selector, IEnumerable`1 appliedFields)
---> (Inner Exception #0) System.ArgumentException: An item with the same key has already been added.
at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
at Unify.Product.IdentityBroker.Chris21RecordtoChris21FieldDefinitionsAdapter.Transform(IChris21Record sourceValue, Boolean showTranslations)
at Unify.Product.IdentityBroker.Chris21Agent.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.Chris21ConnectorBase.d__33.MoveNext()<---
",Normal
Same error with a new Unify.IdentityBroker database as well.
The Frontier chris21 agent connects without any error.
Run the following in the GTR form in chris21. This will run the same query the connector uses to retrieve its schema.
cbr="componentlist",screen="DET"
Binding UNIFYBroker endpoint/API to https
Hi team,
Is it possible to bind the UNIFYBroker API/endpoint (http://servername:5999[0/1]) to https?
Hi Paul, we don't have it documented, but it is possible.
- Ensure your certificate is installed as a local machine certificate, not a user certificate.
- Follow these instructions: "To bind an SSL certificate to a port number". The appid can be any valid GUID.
- Update the configuration for the API. If you're modifying the default API, make sure you have a correctly configured web component ready to confirm the API changes.
Let me know if anything is incorrect or unclear. I'll turn these instructions into proper documentation based on your feedback.
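The first two steps above as a PowerShell sketch, added here as an example and not taken from the thread or from UNIFYBroker documentation. The port 59990 and the subject CN=servername are assumptions to replace with your own values; the API configuration change in the third step is not covered.

```powershell
#Requires -RunAsAdministrator
# Added example: bind a local-machine certificate to the API port with netsh.
$Port    = 59990             # assumed; the thread gives the port as 5999[0/1]
$Subject = 'CN=servername'   # placeholder subject, replace with your certificate's

# Step 1: the certificate must be in the LocalMachine store, not CurrentUser.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No currently valid certificate with subject '$Subject' in Cert:\LocalMachine\My."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key, so it cannot serve TLS."
}

# If the certificate restricts its usage, Server Authentication must be allowed.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$ekuExt = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($ekuExt -and -not ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })) {
    throw "Certificate $($cert.Thumbprint) is not valid for Server Authentication."
}

# Step 2: bind the certificate to the port. Refuse to overwrite an existing binding.
$ipport = "0.0.0.0:$Port"
netsh http show sslcert "ipport=$ipport" | Out-Null
if ($LASTEXITCODE -eq 0) {
    throw "A certificate is already bound to $ipport. Review it before replacing it."
}

# The appid can be any valid GUID; it is passed as one quoted string so that
# PowerShell does not treat the braces as a script block.
$appId = [guid]::NewGuid().ToString('B')
netsh http add sslcert "ipport=$ipport" "certhash=$($cert.Thumbprint)" "appid=$appId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE."
}

# Confirm the binding that HTTP.sys now holds for the port.
netsh http show sslcert "ipport=$ipport"
```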
Broker Plus: Error Exporting to AD
The versions are 5.3.2 for broker and 4.3.0 for AD with a provided patch. Plus is v5.3.0.2. I'm attempting to export to AD with Broker Plus but getting this unknown error. The permissions in AD are right. The connection is right, Test Connection works and I'm getting user in when I import with the connector. When I run a baseline on the AD to Person link, I wait a while then this error appears in the log. The operations that should be occurring are a DN rename and some attribute modifies.
Update entities to connector failed.
Update entities [Count:2] to connector Active Directory failed with reason A task faulted. See inner exception for details.. Duration: 00:00:00.0156294
Error details:
System.Exception: A task faulted. See inner exception for details. ---> System.Exception: Received error code Other for item with dn CN=Jane Jones,OU=Win10 Canberra Users,OU=Win10 Users,DC=internal,DC=govt. Message: 00002089: UpdErr: DSID-031B0E6F, problem 5012 (DIR_ERROR), data 2
---> System.DirectoryServices.Protocols.DirectoryOperationException: An unknown error occurred.
Server stack trace:
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)
Exception rethrown at [0]:
at System.DirectoryServices.Protocols.LdapConnection.EndSendRequest(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Connectors.AD.ADAgent.<ErrorCheckRequest>d__24`1.MoveNext()
--- End of inner exception stack trace ---
at Unify.Connectors.AD.ADAgent.ErrorCheckResponse(String dn, DirectoryResponse response, String operationName, Exception originalException)
at Unify.Connectors.AD.ADAgent.<ErrorCheckRequest>d__24`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Connectors.AD.ADAgent.<MoveEntryAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Connectors.AD.ADConnector.<UpdateEntitiesAsync>d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.ConnectorToUpdatingAsyncConnectorBridge.<UpdateEntitiesAsync>d__8.MoveNext()
--- End of inner exception stack trace ---
at Unify.Framework.Auditing.AuditingExtensions.<>c__DisplayClass4_0.<TaskContinueWithExceptionPassthough>b__0(Task t)
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Unify.Product.IdentityBroker.EventNotifierUpdatingAsyncConnectorDecorator.<UpdateEntitiesAsync>d__3.MoveNext()
Any ideas?
Turned out to be a misplaced space in the DN calculation.
Aurion: Could not create SSL/TLS secure channel
Connection to Aurion was working yesterday. I was surprised it worked with nothing done to do with certificates since the webservice is a https address but today it's stopped working: "Change detection engine import all items for connector Aurion Employee failed with reason The request was aborted: Could not create SSL/TLS secure channel" System.Net.WebException. Does this mean a certificate needs to be installed on the Broker server? Or maybe something needs to be updated in the exe config? I googled the error but it was just a lot of code samples and code fixes to resolve the issue. No description of what's really causing the error.
It mysteriously started working again with no change on my side. Not sure what the issue was.
"Active Directory User to Person" Link is processing a Locker and creating an Outgoing Change even though there is no corresponding linked (or able to be linked) Adapter object and Outgoing Provisioning is disabled
I am using Broker/Plus to only join to objects from Aurion to AD, and not to provision (i.e. Outgoing Provisioning is disabled). For a user in Aurion (with corresponding Locker record) where there is no corresponding AD record (i.e. the join criteria are not met for any existing AD adapter objects) the Link still reports an Outgoing Change for that object.
I have 7 Lockers:
I have four users in AD:
When I run a Baseline Synchronization on the AD Link, I see this:
Note that there are 7 Outgoing Changes, even though there are only 4 objects in the AD Adapter, and Provisioning is disabled so it should not be provisioning new ones.
Log file attached:
Hi Adrian,
This is the intended behaviour. As the information message states
... Ensure that either the field/s used in the join rules are correctly mapped or, if this link is not responsible for provisioning, the joining entities already exist. ...
Meaning that of the 7 entities being synchronized, 4 were OK since the mapped adapter entities existed. The remaining 3 have no mapped adapter entities, and cannot provision them since that is disabled, so are considered incomplete and not processed.
As long as the intended behaviour is for those three entities to not be synchronized, then you can ignore that information message.
Outgoing Provisioning tasks run even when Outgoing Provisioning is disabled
In Broker/Plus, outgoing provisioning tasks are run even when the outgoing provisioning flag is disabled.
That task can be used for out of band provisioning operations. Since the configuration flag only turns off object provisioning via the target adapter (and not any out-of-band provisioning activities that the task performs) the flag isn't as useful as it could be and the flag operates in a manner that may be contrary to user expectations.
accountExpires missing when running Request Schema from AD
When I run 'Request Schema' on the Broker/AD connector, the 'accessExpires' AD attribute does not appear.
How do I add this attribute to my connector so that I can synchronise it in Broker/Plus?
It is capable of reading these fields. I've added an item to the backlog to improve usability.