Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Answered

Exporting to SharePoint Orgs results in cd-error after incorrect Parent Org calculation

Hi There,

Current client is implementing a new HR system which is also authoritative for Org objects.
The Org objects are flowing through to SharePoint and were previously being sourced by Aurion.


During the deployment, the Parent Org calculation was incorrect and exported to SharePoint pointing to the incorrect parent Org. This resulted in a some MIM errors as you would expect (cd-error) - No further Event Viewer logs/info

As a result, the idMParentProfileReference attribute in IdentityBroker used to provide the Parent Org is now NULL for some objects. The good thing is that the Org structure does not look it has been updated or changed at this point.

We now have the correct Parent Org structure in MIM ready to export but the SharePoint Org exports continue to fail with a cd-error.

Referencing the idB for SharePoint prerequisites KB, it sounds as if these need to be filled manually the first time for these exports to succeed. 

Example screenshot of before and after attached.

Before

Image 5220

After

Image 5221



I understand that the idMParentProfileReference needs to be filled in order for the Org structure to be managed as shown the example from the Prerequisites KB: Example below:

Image 5222



In order to manage SharePoint 2010 organization profiles, a field must be manually added to the SharePoint schema, and populated for any users who exist prior to enabling Identity Broker. This is required because SharePoint uses its own internal Record Id for resolving the parent reference with SharePoint, and this field cannot be set externally unless the corresponding SharePoint identifier for the parent profile is used. This is typically an organization unit code or identifier. This field should be either a string, integer, or distinguished name type in SharePoint, and will need to be appropriately configured in the Microsoft SharePoint 2010 Organization Profile Connector schema. The default connector configuration assumes a name of IdmProfileReference for this field.
In order to successfully provision and update hierarchy information for organization profiles, the connector requires this field containing the value of profile's reference in the identity management solution, and an additional field containing the profile's parent reference in a DN format (which does not need to be added to SharePoint). Refer to Microsoft SharePoint 2010 Organization Profile Connector for more information.

Does the idM Profile Reference need to be filled manually the first time / if it is NULL? 

OR

Is it expected that MIM can write to it freely?

I'm just trying to get an understanding of why SharePoint wont accept the structure i'm exporting.
I have ensured that the DN format is correct and written as it was previously - I believe this has to do with the fact that incorrect parent Org DNs were exported in the first instance.

Imports of a test connector (Copy of the original connector) Show the following in Logs:

Request to import all entities from connector SP TEST.",Normal
20190620,00:39:51,UNIFY Identity Broker,Connector,Information,"Import all entities from connector completed.
Import all entities from connector SP TEST return 868 entities. Duration: 00:00:00",Normal
20190620,00:39:51,UNIFY Identity Broker,Connector Processor,Information,"Connector Processing started.
Connector Processing started for connector SP TEST (page 1)",Normal
20190620,00:39:51,UNIFY Identity Broker,Connector engine,Information,"Request to get the enabled state of the selected connector.
Request to get the enabled state of the 8955f94f-4373-424e-a502-e8d8bc2c1fd4 connector started.",Verbose
20190620,00:39:51,UNIFY Identity Broker,Connector engine,Information,"Request to get the enabled state of the selected connector.
Request to get the enabled state of the 8955f94f-4373-424e-a502-e8d8bc2c1fd4 connector completed. Duration: 00:00:00",Verbose
20190620,00:39:51,UNIFY Identity Broker,Connector Processor,Information,"Connector processing failed.
Connector Processing page 1 for connector SP TEST failed with reason The key has been duplicated.. Duration: 00:00:00.1875685.
Error details:
System.ArgumentException: The key has been duplicated.
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue`1 arg1)
at Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashError[TKey,TValue,TOriginal](IEnumerable`1 originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3 duplicateAction)
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, Func`2 retrieveEntities, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, IKnownEntityContextBase`3 context, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.b__0(IEnumerable`1 page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()",Normal
20190620,00:39:51,UNIFY Identity Broker,Change detection engine,Error,"Change detection engine import all items failed.
Change detection engine import all items for connector SP TEST failed with reason An error occurred while evaluating a task on a worker thread. See the inner exception details for information.. Duration: 00:00:11.2399393
Error details:
Unify.Framework.EvaluatorVisitorException: An error occurred while evaluating a task on a worker thread. See the inner exception details for information. ---> System.ArgumentException: The key has been duplicated.
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue`1 arg1)
at Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashError[TKey,TValue,TOriginal](IEnumerable`1 originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3 duplicateAction)
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, Func`2 retrieveEntities, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, IKnownEntityContextBase`3 context, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.b__0(IEnumerable`1 page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
--- End of inner exception stack trace ---
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.CheckForException()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.WaitForCompletedThreads()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Framework.Visitor.VisitEvaluateOnThreadPool[T](IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
20190620,00:39:51,UNIFY Identity Broker,Void CheckForException(),Error,"Unify.Framework.DesignPatterns:
Unify.Framework.EvaluatorVisitorException: An error occurred while evaluating a task on a worker thread. See the inner exception details for information. ---> System.ArgumentException: The key has been duplicated.
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue`1 arg1)
at Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashError[TKey,TValue,TOriginal](IEnumerable`1 originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3 duplicateAction)
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, Func`2 retrieveEntities, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, IKnownEntityContextBase`3 context, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.b__0(IEnumerable`1 page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
--- End of inner exception stack trace ---
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.CheckForException()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.WaitForCompletedThreads()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Framework.Visitor.VisitEvaluateOnThreadPool[T](IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Diagnostic


I'm not sure if this is directly related to this issue but this looks as though a NULL key has been added and may need to fixed up at the source.

Config copy attached

Any assistance would be appreciated.


Ryan

Answer
Ryan Crossingham 5 years ago

Hi Matt,

This ticket can now be closed - The issue here was directly related to the target system data locking the object and not allowing reference attributes to be exported correctly.

0
Not a bug

Active Directory connector doesn't support AD move operation (dn change) even though UNIFYAssure-Aurion-Sample uses it

UNIFYAssure-Aurion-Sample attempts to move AD user object by modifying the 'dn' attribute on the AD connector, but when it tries to do so this error appears in the log:

Image 5213

Here's the error I see in the UI:

Image 5214

Here's the PowerShell code from UNIFYAssure-Aurion-Sample:

Image 5215

Here are the Adapter config excerpts:

Image 5216

Image 5217

Image 5218

Answer
Adam van Vliet 6 years ago

It might be that this wasn't a use case for the sample configuration. The DN can be changed during the update operation by instead using objectGUID as the key.

0
Not a bug

UNIFYAssure-Aurion-Sample install reports that field names are reserved after restart

Adrian Corston 6 years ago updated by Matthew Davis (Technical Product Manager) 6 years ago 8

I just restarted my Broker instance (to try to clear a Link baseline sync that appeared unwilling to stop) and now I see this error in the dashboard.  My install is a UNIFYAssure-Aurion-Sample with few changes other than a 'Request Schema' from AD and addition of a handful of other fields in Links and Lockers.

Image 5209

What should I do about it?

Answer

Hey Adrian,

Thanks for the suggestion. At this time, after some discussion we've concluded that it would potentially confuse people more if the connector schema was to automatically un-tick the box next to fields reserved by the LDAP specification.

The reason for this, is that it's perfectly acceptable to have these fields in the connector schema, and they will only be an issue when subsequently exposed on the adapter. However, it is a normal use case for a connector to not be exposed to an adapter directly; rather to be joined and aggregated on an existing adapter. In this case, the reserved field names would not be exposed down to the gateway so wouldn't cause any problems.

0
Completed

Documentation of supported Date and Timestamp field values in Broker CSV files

Adrian Corston 6 years ago updated by Matthew Davis (Technical Product Manager) 6 years ago 4

Could you please document the supported and recommended Date and Timestamp field values that can be used in Broker CSV connector data files?

Beau says he normally uses yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z' (e.g. "2019-06-01T12:34:56Z").

Answer

Thanks Adrian. I've added it to our backlog to improve the documentation based on the above comments.

0
Planned

Broker/Plus Locker entity search Origin Info information is not clear or sufficient

Adrian Corston 6 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 2 years ago 3

I am a new Broker/Plus user and want to see where a Locker is getting its field values from, so I clicked on the Entity Id and then on Origin Info.  This is the screen I see:

Image 5203

This doesn't tell me which Adapter contributed the current value for the sAMUsername field.  I tried searching the Extensibility files for the Entity Id and Partition Id, but neither told me which Adapter the field value came from.

Could you please add the name of the Adapter that contributed the field value somewhere on this popup?

Also, it's not clear what the Type information here means.  What does it mean that my 'sAMUsername' field is of type 'PlugIn'?

0
Fixed

Authentication details have not been provided

Full imports for all 3 connectors, as well as polling imports for the employees connector are now all working.  However polling imports are failing with a "Authentication details have not been provided" error for both Position and Position Occupancy as follows:

Change detection engine import changes for connector _KB_JadeStar Position Connector failed with reason The content type application/soap+xml; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 676 bytes of the response were: '<?xml version="1.0" encoding="UTF-8"?> <soap:envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:body> <soap:fault> <soap:code> <soap:value>soap:Sender</soap:value> </soap:code> <soap:reason> <soap:text xml:lang="en">Error 1000 - Authentication details have not been provided.</soap:text> </soap:reason> <soap:detail> <tns:faultdetails xmlns:tns="urn:JadeWebServices/WebServiceZ2/"> <errorcode>1000</errorcode> <erroritem></erroritem> <errortext>Authentication details have not been provided.</errortext> </tns:faultdetails> </soap:detail> </soap:fault> </soap:body> </soap:envelope> '.. Duration: 00:00:00.2343790 

Is it possible that the polling messages could be malformed for 2 connectors but OK for another?

The same exception is occurring for both v4 and v5 Broker connectors talking to the same endpoint.

Thanks

0
Answered

Voice doesn't have a category for tickets that apply to the Broker base product

Adrian Corston 6 years ago updated by Beau Harrison (Senior Product Software Engineer) 6 years ago 2

Voice doesn't have a category for tickets that apply to the Broker base product.  There are numerous options for agents and other things, but seemingly none for the Broker base product itself... unless that's what UNIFYCore is?

There also isn't a category for reporting bugs in Voice.

Image 5194

Image 5195

Answer

Hi Adrian, since this Broker forum there is not need for a Broker subcategory. Uncategorized is where you should post.

0
Fixed

Adapter edit UI displays 'System.MissingMethodException: Method not found: 'Void Unify.Connect.Web.Client.AdapterClient..ctor(System.String)'' error in Broker 5.3.1.4

Adrian Corston 6 years ago updated by Matthew Davis (Technical Product Manager) 6 years ago 5

When I attempt to access an Adapter in the web UI in Broker 5.3.1.4 the following error screen appears.  This happens for all existing Adapters, and as the last step when creating a new Adapter (which is written to the Extensibility config file just fine).  The Agents, Connectors and other UI screens work just fine.  I am using IIS on the same server as the Broker Service is installed, and Plus and a number of other agents are also installed (see below for details).  The Extensibility files are based on a fresh install of all Broker packages.

Image 5191

The text is:

Error

System.MissingMethodException: Method not found: 'Void Unify.Connect.Web.Client.AdapterClient..ctor(System.String)'.
at Unify.Connect.Web.PlusControllerBase.get_AdapterClient()
at Unify.Connect.Web.LockerControllerFactory.<CreateComponent>b__0_0(HtmlHelper html, AdapterDetailsProviderInformation info)
at Unify.Connect.Web.AdapterDetailsProvider.WriteAll(HtmlHelper helper, AdapterDetailsProviderInformation adapterDetails)
at ASP._Page_Views_Adapter_AdapterDetails_cshtml.Execute() in c:\Program Files\UNIFY Solutions\Identity Broker\Web\Views\Adapter\AdapterDetails.cshtml:line 152
at System.Web.WebPages.WebPageBase.ExecutePageHierarchy()
at System.Web.Mvc.WebViewPage.ExecutePageHierarchy()
at System.Web.WebPages.StartPage.ExecutePageHierarchy()
at System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext pageContext, TextWriter writer, WebPageRenderingBase startPage)
at System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass1e.<BeginInvokeAction>b__1b(IAsyncResult asyncResult)

The error refers to line 152 of c:\Program Files\UNIFY Solutions\Identity Broker\Web\Views\Adapter\AdapterDetails.cshtml which reads as follows:

AdapterDetailsProvider.Instance.WriteAll(Html, adapterDetailsProviderInformation);

Here are details of the install:

UNIFYBroker

About:UNIFYBroker
v5.3.1 Revision #4
© 2004 - 2018 UNIFY Solutions Pty. Ltd.
Support:https://voice.unifysolutions.net/forums/6-identity-broker-forum/


Plug-in Version Details

Plugin KeyVersion
Microsoft Active Directory5.3.0.0
Aurion API connector5.3.0.0
Sync Changes5.3.0.2
Plus Change Tracking5.3.0.2
Connections5.3.0.2
Links5.3.0.2
Link Statistics5.3.0.2
Lockers5.3.0.2
Locker Statistics5.3.0.2
Provisioning5.3.0.2
Plus5.3.0.2

Here is a snapshot of the folder containing the file reported in the error:

Image 5192

Here are the Adapter Extensibility file entries that were created successfully:

Image 5193

Please let me know if there is any more information that you require.

0
Answered

Timeout on Chris 21 Connectors

I'm getting timeouts on some Chris21 connectors. They seem to be intermittent, sometimes it works fine. Using v4.1.x Identity Broker and Chris21 connector. The error I get is as follows:

Image 5189

Are there any settings I can tweak on the IdB side to resolve this or is this Chris21 ending the connection early? I think there's a batch size setting or something similar but IdB is so slow to load with this customer I can't check again.

0
Answered

Chris21 Connector Failing - no status attribute

I'm getting the exact same error as in this ticket https://voice.unifysolutions.net/communities/6/topics/3223-import-all-entities-from-connector-chris21-secondment-connector-failed-with-reason-result-record

From the looks of things it's the exact same issue at the same customer. I don't know if Jerry ever resolved it. I've attached the log entry that's showing the error. It's using Idb and Chris 21 versions 4.1.x. Their Chris21 instance is version 8.16.17.

Adam suggested running some Chris 21 query as a resolution but I'm not sure where that query should be run. Is this likely to be a misconfiguration of Chris21 or something with IdB? This is in a test environment.

Please let me know if you need any more information.