Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Completed

Health Check Uptime for IDaaS only shows past 24 hours

Image 4674

This is probably fine for the customer facing thing - but I think we need to have something for our own purposes that gives a little more information than this.

Answer

Graphs for IDaaS will be reviewed and redesigned with the pending migration to the new UNIFYMonitor.

0
Completed

Provisions in Last Month graph should be bar chart instead of line chart

Image 4673

This graph is confusing - if it's the "last month" - where's the last month? I also think it would be better as a bar graph.

Answer

Graphs for IDaaS will be reviewed and redesigned with the pending migration to the new UNIFYMonitor.

0
Completed

Link Connector Errors is poorly designed

Image 4672


This graph is misleading - this is total connector messages. We need to rethink what this section of the graph is trying to say.

Answer

Graphs for IDaaS will be reviewed and redesigned with the pending migration to the new UNIFYMonitor.

0
Answered

Schedule "Generate Changes" for an Adapter in Identity Broker

Alan Schmarr 7 years ago updated 7 years ago 7

Hi,

I'm looking for scheduling "Generate Changes" for an Adapter that is using PowerShell transformation.

I had a look at using Scheduled Jobs PowerShell activity, the documentation online don't really show examples or if it is possible.

Please can you direct me with some examples?


Answer
Curtis Lusmore 7 years ago

Hi Alan,

As you suggested, this should be possible with a Scheduled Job similar to the following

$adapterId = [Guid]'00000000-0000-0000-0000-000000000000'
$components.AdapterEngine.SimulateChanges($adapterId)

I'm curious what your specific use case is, because I think ultimately there's a better solution to this problem. Do you know at the time that the transformation runs when future changes will be required for each entity?

0
Answered

Configuring Identity Broker Plus v5.2.1 via API's only

Adam Bradley 7 years ago in UNIFYBroker/Plus updated 7 years ago 2

Looking for guidance on how to configure IdB Plus via API's only. Thanks in advance.

Answer
Curtis Lusmore 7 years ago

Hi Adam,

See APIs. If you visit the Swagger endpoint you can see documentation on the API operations available to you. For the default API endpoint, this should be http://localhost:59991/IdentityBroker/swagger

0
Won't fix

Violation of UNIQUE KEY constraint 'DF_CollectionKey_Caption'.

Matthew Davis (Technical Product Manager) 7 years ago updated by Bob Bradley 5 years ago 3

Identity Broker v5.2.1.0

When running an import on a connector, if you have a schema field in your connector that is the same as another connector or adapter, but only differing in casing, the import fails with the following error:

Connector processing failed.
Connector Processing page 1 for connector Test2Csv failed with reason Violation of UNIQUE KEY constraint 'DF_CollectionKey_Caption'. Cannot insert duplicate key in object 'dbo.CollectionKey'. The duplicate key value is (MySecond).
The statement has been terminated.. Duration: 00:00:00.0725432. 
Error details:
System.Data.SqlClient.SqlException (0x80131904): Violation of UNIQUE KEY constraint 'DF_CollectionKey_Caption'. Cannot insert duplicate key in object 'dbo.CollectionKey'. The duplicate key value is (MySecond).
The statement has been terminated.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
at System.Data.SqlClient.SqlDataReader.get_MetaData()
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult)
at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries)
at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
at System.Data.Linq.ChangeDirector.StandardChangeDirector.DynamicInsert(TrackedObject item)
at System.Data.Linq.ChangeProcessor.SubmitChanges(ConflictMode failureMode)
at System.Data.Linq.DataContext.SubmitChanges(ConflictMode failureMode)
at Unify.Product.IdentityBroker.Repository.EntityLinqQueryConverterUtilitiesBase`4.GetCollectionKeyData(TEntityKey key, EntityDataContext sourceContext)
at Unify.Product.IdentityBroker.Repository.EntitySingleValueDataUtilityBase`2.CreateEntityValue(TEntityKey key, IValue value, IEntityCollectionKeyUtility`1 collectionKeyUtility, EntityDataSet set, __EntityInsertRow row, EntityDataContext sourceContext)
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.ConvertEntityValueToDataValue(KeyValuePair`2 entityValueAndKey, __EntityInsertRow row, EntityDataSet entityDataSet, EntityDataContext sourceContext)
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.<>c__DisplayClass31_0.<convertitemtovalues>b__0(KeyValuePair`2 entityValueAndKey)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.<selectmanyiterator>d__17`2.MoveNext()
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.InsertItems(ISet`1 addedItems, EntityDataContext sourceContext, SqlConnection connection)
at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
at Unify.Product.IdentityBroker.SaveChangedEntitiesTransformationUnit.Transform(IDictionaryTwoPassDifferenceReport`4 input)
at Unify.Product.IdentityBroker.ConnectorEntityChangeProcessor.ProcessEntities(IEnumerable`1 connectorEntities, IEnumerable`1 repositoryEntities, IEntityChangesReportGenerator`2 reportGenerator)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<performchangedetection>b__0(IEnumerable`1 page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
ClientConnectionId:f57bfe7a-c01b-4101-87a7-e2809963b2e8
Error Number:2627,State:1,Class:14


To Reproduce:

Create two CSV connectors with duplicate schema, case sensitive. Run an import on both, recognise that the import succeeds.
Modify the schema of one of the connectors, changing only the casing of a field name. Re-run the import, and notice it fails with the exception above. 


I've noticed this now across both the CSV connector and a custom connector. It also happens if you've got a field in the adapter with the same name, but differing in casing. You can test this by creating a constant field in one adapter that is the same as a unique schema field on your second connector, but only differing in casing. Run the connector import and the same error throws.


Answer
anonymous 7 years ago

This issue is caused by the default SQL collation not matching that in code. Please use the workaround of changing field name to not clash.

If anyone comes up against this issue please let us know. Our current approach will be to add in support for new data layers, unless we get some new use cases.

0
Answered

Entities not created on Polling import

Carol Wapshere 7 years ago in PowerShell connector updated by Curtis Lusmore 7 years ago 3

I am developing a Powershell connector. It uses exactly the same script for Full and Polling imports, just with a "-RunType Delta" switch for polling. The difference is all about how it detects how many users to look at - once it gets to creating the IdB entities the script is identical.

I have four new objects in the external system. They are correctly identified by the script on a Polling import, however the new entities are not created in IdB. When I run a Full import the entities are created. (I have done searches to confirm this)

The following log excerpt shows the four entities that should be created, but the changes reported are 0:

20171211,04:47:22,UNIFY Identity Broker,Logging,Information,Exchange Protected Import: Creating 4 entities,Normal
20171211,04:47:23,UNIFY Identity Broker,Logging,Information,"
Key   : DN
Value : CN=Supressed1\, Changed1,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain
Key   : PersonNumber
Value : 20523
Key   : TerminationAutoReply
Value : False
Key   : Status
Value : ACTIVE
Key   : HiddenFromGAL
Value : False
",Normal
20171211,04:47:23,UNIFY Identity Broker,Logging,Information,"
Key   : DN
Value : CN=Supressed2\, Changed2,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain
Key   : PersonNumber
Value : 11831
Key   : TerminationAutoReply
Value : False
Key   : Status
Value : ACTIVE
Key   : HiddenFromGAL
Value : False
",Normal
20171211,04:47:23,UNIFY Identity Broker,Logging,Information,"
Key   : DN
Value : CN=Supressed3\, Changed3,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain
Key   : PersonNumber
Value : 73564915
Key   : TerminationAutoReply
Value : False
Key   : Status
Value : ACTIVE
Key   : HiddenFromGAL
Value : False
",Normal
20171211,04:47:23,UNIFY Identity Broker,Logging,Information,"
Key   : DN
Value : CN=Supressed4\, Changed4,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain
Key   : PersonNumber
Value : 18582
Key   : TerminationAutoReply
Value : False
Key   : Status
Value : ACTIVE
Key   : HiddenFromGAL
Value : False
",Normal
20171211,04:47:23,UNIFY Identity Broker,Connector,Information,"Request to import changes from connector.
Request to import changes from connector PowerShell Exchange PROTECTED.",Normal
20171211,04:47:23,UNIFY Identity Broker,Connector,Information,"Import changes from connector completed.
Import changes from connector PowerShell Exchange PROTECTED reported 0 changes. Duration: 00:00:00",Normal
20171211,04:47:23,UNIFY Identity Broker,Change detection engine,Information,"Change detection engine import changes completed.
Change detection engine import changes for connector PowerShell Exchange PROTECTED returned 0 possible changes. Duration: 00:00:04.8439784",Normal


The part of the script the creates the entities is as follows. When I generated that log above I had the two lines uncommented that log the full $entity:

###
### Create/update entities
###
if ($ManagedUsers.count -gt 0) 
{
    $logger.LogInformation("$LogPrefix Creating {0} entities" -f $ManagedUsers.count.ToString())
    foreach ($user in $ManagedUsers)
    {
        $entity = $entities.Create()
        $entity["PersonNumber"] = $user.employeeNumber
        $entity["DN"] = $user.DistinguishedName
        $entity["Status"] = $user.extensionAttribute13
        if ($Mailboxes.ContainsKey($user.DistinguishedName))
        {
            $mb = $Mailboxes.($user.DistinguishedName)
            $entity["DirectPermissions"] = $mb.DirectPermissions
            $entity["HiddenFromGAL"] = $mb.HiddenFromGAL
            $entity["MailboxType"] = $mb.MailboxType
            $entity["PrimaryEmailAddress"] = $user.mail
            $entity["ProxyEmailAddresses"] = $mb.EmailAddresses
            $entity["TerminationAutoReply"] = $mb.TerminationAutoReply
            $entity["TerminationMailCount"] = $mb.TerminationMailCount
        }
        else
        {
            $entity["DirectPermissions"] = $null
            $entity["HiddenFromGAL"] = $false
            $entity["MailboxType"] = $null
            $entity["PrimaryEmailAddress"] = $null
            $entity["ProxyEmailAddresses"] = $null
            $entity["TerminationAutoReply"] = $false
            $entity["TerminationMailCount"] = $null
        }
        #[string]$str = $entity | fl | out-string
        #$logger.LogInformation($str)
        $entity.Commit()
    }
}

I'm on v5.1.0 Revision #1. I should be able to upgrade but it's a bit of a process to get software into the environment, so is there anything else I should be looking at?

Answer
Curtis Lusmore 7 years ago

You were right - I had the default (Entity Id) selected when I needed Entity. I thought this seemed familiar - I have definitely hit this before.

0
Answered

Code Samples for Identity Broker Plus v5.1 PowerShell Tasks

Dilip Ramakrishnan 7 years ago in UNIFYBroker/Plus updated by Curtis Lusmore 7 years ago 1

Hello - I'm looking for Sample scripts to perform post-provisioning and pre-provisioning PowerShell scripts as part of IDB Plus. Knowledge base articles show some basic info on syntax but would like to see sample scripts which then could be customized.

Answer
Curtis Lusmore 7 years ago

Thanks for the suggestion, Dilip.

I've added an example to the bottom of PowerShell Task.

0
Planned

IdB search logging on Diagnostic instead of Verbose

Carol Wapshere 7 years ago in PowerShell connector updated by Matthew Davis (Technical Product Manager) 3 years ago 5

With the Powershell connector I add lots of logging into my scripts. When troubleshooting I want to bump the log level up to Verbose so I can see my Information logs - however IdB UI search logging also seems to run at this level. So if I put "My Powershell script" as a search in the IdB Logs UI it fills up with lots of logging about that particular search string, making it hard for me to track my own logs. Could the IdB search logging be moved to a Diagnostic setting?

Answer
anonymous 3 years ago

Yes, easy enough to do and agree that it's a more sensible log level for this message.

0
Answered

Workday Identity Broker information

Werner Deysel 7 years ago in UNIFYBroker/Workday updated by anonymous 7 years ago 3

Hi,


I would like to know somethings about the Workday Identity Broker.


1. Does the Identity Broker honor the Workday +7 hrs time difference or does it ignore it?

2. What data gets imported via the Delta stages when it Imports it from Workday?


Would anyone be able to assist in finding out those questions


Kind Regards

Werner

Answer
anonymous 7 years ago

Hi Werner,

1. Are you referring to the buggy/inconsistent handling of time-zones by Workday? If so, the connector accounts for it where we have noticed it being an issue. Currently this is on the Polling import calls (Worker and Organization - using the timezone offset setting), as well as the comparison against hire date and seniority date (uses a date comparison instead of time based).

2. I've added a note to the Usage section on the Workday Worker Connector.

Thanks.