Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

+1
Under review

Test harness for Adapter and Link PowerShell Transformations

Bob Bradley 5 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 6 months ago 1

In order to support the unit testing requirements for transitioning PS solutions on Broker+ to the UNIFYConnect hosted platform, a test harness is required for all PowerShell transformations.

+1
Completed

Port UNIFYBroker Azure O/S Platform

Bob Bradley 6 years ago updated by Matthew Davis (Technical Product Manager) 5 years ago 4

It is becoming an impediment to future UNIFY* opportunities, particularly in the hosted solution space, that UNIFYBroker runs only on the Windows Server O/S.  If porting it to run natively on Azure would significantly reduce the current hosting impediments, while at the same time retain the natural partitioning between sites that comes from hosting the service within a VM, this would be of significant benefit to all parties from Sales to Implementation.  It would also make the idea of having Broker 3rd-party configurable more of a possibility.

Answer

Capability currently provided through the UNIFYConnect service offering. Can be provided for demos or poc's as necessary.

Further improvements will be provided in a future release of the product (version 6.0)

+1
Answered

Attepting to retrieve the CollectionKeyId for caption "FieldName" failed.

Carol Wapshere 7 years ago in UNIFYBroker/Aurion updated by Matthew Davis (Technical Product Manager) 6 months ago 4

I have added a new string field to the Aurion Person connector "ExtraField1". We already had "ExtraField2" (which was working).

The config already had a mapping:

<attribute name="Extra_Field_2" target="ExtraField2">

I have added underneath that:

<attribute name="Extra_Field_1" target="ExtraField1">

When I try to run the Import All now it runs for quite a while (this report takes a long time to generate), then fails with the error:

Attempting to retrieve the CollectionKeyId for caption ExtraField2 failed. No collection key found for that caption.

What has gone wrong?

I will send full error and config files by email once someone picks this up.

Answer

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.

+1
Fixed

MIM Adapter Error if no IDB Adapters Enabled

Tested Against: Identity Broker v5.3

Currently if you have no adapters enabled in IDB, and you attempt to create an MA in MIM using the MIM Adapter ECMA2, you get the following error:

The extensible extension returned an unsupported error.
  
The stack trace is:
 "System.InvalidOperationException: Sequence contains no elements
   at System.Linq.Enumerable.Aggregate[TSource](IEnumerable`1 source, Func`3 func)
   at Unify.Product.IdentityBroker.LdapConnectionProxy.get_Schema()
   at Unify.Product.IdentityBroker.UnifyLdapConnectorTypeProxy.GetSchema(KeyedCollection`2 configParameters)
Forefront Identity Manager 4.4.1302.0"

It would be good if the error could either be reported in a more logical way (IE inform that there's no adapters enabled, and therefore no OU's to load), or simply allow the creation process to continue and the user will realise there's no adapters enabled in a subsequent step.


The error also occurs if you have adapters which are enabled with valid schema, but inhibited due to a condition with the base connector. 

Answer

Fixed, will be in next release

+1
Completed

Identity Broker dashboard enhancements

Andrew Silcock 9 years ago updated by anonymous 8 years ago 3

In doing development I found myself continually jumping between IDB Connector and Adapter pages to look at high level statistics such as polling object counts and pending changes on a few adapters - this can result in having half a dozen tabs open for this purpose.


As an enhancement it would be nice if the IDB Dashboard displayed some more high level statistics such as last run time/status, object counts and pending changes (for adapters) to get a more complete view of the system state.

Answer
anonymous 8 years ago

This is definitely something that will be considered if/when we do the UI rewrite.

+1
Answered

Entity in IdB connector and adapter but does not exist in target directory

Carol Wapshere 9 years ago in PowerShell connector updated by anonymous 9 years ago 3

IdB 5, Powershell connector, target system is RedHat LDAP.


There are three objects which exist as entities in the IdB connector and adapter but do not exist in LDAP. FIM is trying to update them and we're getting "Object does not exist" errors back from LDAP.


Connector Full Imports have been run. I turned on the verbose logging I'd added to the script which lists the DN of every object found by the Import script and these objects are not listed. I can't see any errors in the IdB log and the Full Import appears to have completed successfully.


So the question is, if they were not imported in a connector full import, shouldn't the entities have been removed from IdB?

Answer
anonymous 9 years ago

Looking at the logs shows that there were exported entities during the full import. The import logic is designed to not delete entities that are added whilst an import is occurring, as it has no way of knowing whether the end system is omitting the entry because it was deleted immediately or because it’s just not available yet for the import (e.g. snapshot or read copy/write copy style systems).

+1
Completed

Add support for integration external Workflow/Ticketing systems

Adam Bradley 10 years ago updated by anonymous 8 years ago 4

Add support for integration external Workflow/Ticketing systems

0
Won't fix

Unable to delete connectors and adapters within UNIFYBroker

Hayden Gray 4 weeks ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 2 weeks ago 3

It appears there may be an issue with my current environment.

I have a set of connectors and adapters I am trying to delete due to them no longer being in use. Their entities have been cleared for quite some time (a few months at least) and I am simply trying to delete them.

I am able to delete the connectors and adapters just fine within the interface, however upon restarting the UnifyBroker service, the service will fail to start back up. Giving the following error in the event logs:

Service cannot be started. Unify.Framework.UnifyServiceStartException: The DELETE statement conflicted with the REFERENCE constraint "FK_Entity_ObjectClass". The conflict occurred in database "Unify.IdentityBroker", table "dbo.Entity", column 'ObjectClassId'.

The statement has been terminated. ---> System.Data.SqlClient.SqlException: The DELETE statement conflicted with the REFERENCE constraint "FK_Entity_ObjectClass". The conflict occurred in database "Unify.IdentityBroker", table "dbo.Entity", column 'ObjectClassId'.

The statement has been terminated.

at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)

at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)

at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Bo...

I have tried this twice, so far and both ended with the same result. The first time I suspected maybe I didn't wait long enough before clearing the entities, deleting the configuration components and then restarting. However this second time the entities were cleared months ago, and when deleting the connectors/adapters I waited several hours before restarting the UnifyBroker service. So it would appear the DB has some sort of data issue preventing the deletion.

The connectors in question are just PowerShell connectors and the adapter have no transformations.

Version 5.3.2

Answer

Hi Matt,

Thank you for your time the other day to get to the bottom of this one.

Just to close this one off and document the result. Confirming the end issue here was the PartitionIDs in the ObjectClass table became misaligned with the service config xml (through one of the possible circumstances you have mentioned above). There were 2 object classes that were sharing PartitionIDs with 2 other object classes, one of which was also still an active adapter.

The fix, as you mentioned was to update the object's PartitionId in the ObjectClass table to align with the service config xml. After which I restarted the service to ensure it started okay, then deleted all the disabled connectors/adapters that were scheduled for removal, waited 10 minutes to ensure UNIFBroker had finished all database cleanup queries, then restarted the service once more to ensure the service started okay.

Thank you

0
Answered

Does the Content Manager connector support updating the 'Alternative Login' field?

Hi guys,

As per the title, we have had an inquiry as to whether the Content Manager connector supports updating the 'Alternative Login' field?

This appears to be a new field added in the latest version of Content Manager, so wouldn't be surprised if a patch is required.

Version information:
UNIFYBroker: v5.3.3
HP TRIM Connector: 5.3.1.0

Thanks,
Liam

Answer

Hi Liam,

The only fields I can see on the current API specification that may relate to these fields is the AdditionalLogin and SecondAdditionalLogin fields , potentially mapping to those two fields? The connector currently supports the AdditionalLogin field, but not the SecondAdditionalLogin . You can use this field through the LocationAdditionalLogin connector schema field and see if it retrieves/updates the values you're after?

0
Under review

Connector schema attribute settings are reflected to the adapter in a join transformation

Richard Green 5 months ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 4 months ago 1

Hi Gents,

Raising this in regards to an issue experienced recently at DCCEEW.

An adapter that is primarily used to provision out to a target system was modified with a join transform to include an additional attribute from another connector. This attribute happened to be the key field for the connector it was sourced from and naturally configured as a required field in the connector schema. After the join transform was applied the attribute was added to the adapter schema, but in addition the required field status was also reflected on the adapter.

As this was a mapped field, and not included in the attributes being exported through the adapter, this caused exports to fail with a schema validation error. 

Attributes mapped via a join transform should not be set as required on the adapter schema.