Identity Broker Forum
Health Check Uptime for IDaaS only shows past 24 hours
This is probably fine for the customer facing thing - but I think we need to have something for our own purposes that gives a little more information than this.
Graphs for IDaaS will be reviewed and redesigned with the pending migration to the new UNIFYMonitor.
Provisions in Last Month graph should be bar chart instead of line chart
This graph is confusing - if it's the "last month" - where's the last month? I also think it would be better as a bar graph.
Graphs for IDaaS will be reviewed and redesigned with the pending migration to the new UNIFYMonitor.
Link Connector Errors is poorly designed
This graph is misleading - this is total connector messages. We need to rethink what this section of the graph is trying to say.
Graphs for IDaaS will be reviewed and redesigned with the pending migration to the new UNIFYMonitor.
Schedule "Generate Changes" for an Adapter in Identity Broker
Hi,
I'm looking for scheduling "Generate Changes" for an Adapter that is using PowerShell transformation.
I had a look at using the Scheduled Jobs PowerShell activity, but the documentation online doesn't really show examples or whether it is possible.
Please can you direct me with some examples?
Hi Alan,
As you suggested, this should be possible with a Scheduled Job similar to the following:

    $adapterId = [Guid]'00000000-0000-0000-0000-000000000000'
    $components.AdapterEngine.SimulateChanges($adapterId)

I'm curious what your specific use case is, because I think ultimately there's a better solution to this problem. Do you know at the time that the transformation runs when future changes will be required for each entity?
Configuring Identity Broker Plus v5.2.1 via APIs only
Looking for guidance on how to configure IdB Plus via APIs only. Thanks in advance.
Hi Adam,
See APIs. If you visit the Swagger endpoint you can see documentation on the API operations available to you. For the default API endpoint, this should be http://localhost:59991/IdentityBroker/swagger
Violation of UNIQUE KEY constraint 'DF_CollectionKey_Caption'.
Identity Broker v5.2.1.0
When running an import on a connector, if you have a schema field in your connector that is the same as another connector or adapter, but only differing in casing, the import fails with the following error:
Connector processing failed. Connector Processing page 1 for connector Test2Csv failed with reason Violation of UNIQUE KEY constraint 'DF_CollectionKey_Caption'. Cannot insert duplicate key in object 'dbo.CollectionKey'. The duplicate key value is (MySecond). The statement has been terminated.. Duration: 00:00:00.0725432.
Error details: System.Data.SqlClient.SqlException (0x80131904): Violation of UNIQUE KEY constraint 'DF_CollectionKey_Caption'. Cannot insert duplicate key in object 'dbo.CollectionKey'. The duplicate key value is (MySecond). The statement has been terminated.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
   at System.Data.Linq.SqlClient.SqlProvider.Execute(Expression query, QueryInfo queryInfo, IObjectReaderFactory factory, Object[] parentArgs, Object[] userArgs, ICompiledSubQuery[] subQueries, Object lastResult)
   at System.Data.Linq.SqlClient.SqlProvider.ExecuteAll(Expression query, QueryInfo[] queryInfos, IObjectReaderFactory factory, Object[] userArguments, ICompiledSubQuery[] subQueries)
   at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query)
   at System.Data.Linq.ChangeDirector.StandardChangeDirector.DynamicInsert(TrackedObject item)
   at System.Data.Linq.ChangeProcessor.SubmitChanges(ConflictMode failureMode)
   at System.Data.Linq.DataContext.SubmitChanges(ConflictMode failureMode)
   at Unify.Product.IdentityBroker.Repository.EntityLinqQueryConverterUtilitiesBase`4.GetCollectionKeyData(TEntityKey key, EntityDataContext sourceContext)
   at Unify.Product.IdentityBroker.Repository.EntitySingleValueDataUtilityBase`2.CreateEntityValue(TEntityKey key, IValue value, IEntityCollectionKeyUtility`1 collectionKeyUtility, EntityDataSet set, __EntityInsertRow row, EntityDataContext sourceContext)
   at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.ConvertEntityValueToDataValue(KeyValuePair`2 entityValueAndKey, __EntityInsertRow row, EntityDataSet entityDataSet, EntityDataContext sourceContext)
   at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.<>c__DisplayClass31_0.<convertitemtovalues>b__0(KeyValuePair`2 entityValueAndKey)
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.<selectmanyiterator>d__17`2.MoveNext()
   at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
   at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.InsertItems(ISet`1 addedItems, EntityDataContext sourceContext, SqlConnection connection)
   at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
   at Unify.Product.IdentityBroker.SaveChangedEntitiesTransformationUnit.Transform(IDictionaryTwoPassDifferenceReport`4 input)
   at Unify.Product.IdentityBroker.ConnectorEntityChangeProcessor.ProcessEntities(IEnumerable`1 connectorEntities, IEnumerable`1 repositoryEntities, IEntityChangesReportGenerator`2 reportGenerator)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<performchangedetection>b__0(IEnumerable`1 page)
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
ClientConnectionId:f57bfe7a-c01b-4101-87a7-e2809963b2e8
Error Number:2627,State:1,Class:14
To Reproduce:
Create two CSV connectors with duplicate schema, case sensitive. Run an import on both, recognise that the import succeeds.
Modify the schema of one of the connectors, changing only the casing of a field name. Re-run the import, and notice it fails with the exception above.
I've noticed this now across both the CSV connector and a custom connector. It also happens if you've got a field in the adapter with the same name, but differing in casing. You can test this by creating a constant field in one adapter that is the same as a unique schema field on your second connector, but only differing in casing. Run the connector import and the same error throws.
This issue is caused by the default SQL collation not matching that in code. Please use the workaround of changing the field name so that it does not clash.
If anyone comes up against this issue please let us know. Our current approach will be to add in support for new data layers, unless we get some new use cases.
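A pre-import check for the rename workaround in this thread, as an added example that is not part of the original posts or Identity Broker's own code: it lists field names that differ only in casing across connectors and adapters. The `$schemas` table is constructed sample input, `Get-CaseOnlyFieldClash` is a hypothetical helper, and `OrdinalIgnoreCase` is an assumed stand-in for a case-insensitive database collation.

```powershell
# Constructed sample input: connector/adapter name -> schema field names.
$schemas = [ordered]@{
    'Test1Csv'    = @('Id', 'MyFirst', 'MySecond')
    'Test2Csv'    = @('Id', 'MyFirst', 'mysecond')
    'TestAdapter' = @('Id', 'MYFIRST')
}

# Hypothetical helper: reports names that are equal when case is ignored
# but are spelled differently somewhere.
function Get-CaseOnlyFieldClash {
    param([Parameter(Mandatory)] [System.Collections.IDictionary] $Schemas)

    # Case-insensitive index: field name -> every (owner, exact spelling) using it.
    # OrdinalIgnoreCase only approximates a case-insensitive SQL collation (assumption).
    $index = [System.Collections.Generic.Dictionary[string,System.Collections.Generic.List[object]]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($owner in $Schemas.Keys) {
        foreach ($field in $Schemas[$owner]) {
            if (-not $index.ContainsKey($field)) {
                $index[$field] = [System.Collections.Generic.List[object]]::new()
            }
            $index[$field].Add([pscustomobject]@{ Owner = $owner; Field = $field })
        }
    }

    foreach ($entry in $index.GetEnumerator()) {
        # Distinct spellings under a case-sensitive (ordinal) comparison.
        $spellings = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
        foreach ($use in $entry.Value) { [void]$spellings.Add($use.Field) }

        # Identical spelling everywhere is fine; only mixed casing is reported.
        if ($spellings.Count -gt 1) {
            [pscustomobject]@{
                Spellings = @($spellings) -join ', '
                UsedBy    = ($entry.Value | ForEach-Object { '{0}.{1}' -f $_.Owner, $_.Field }) -join '; '
            }
        }
    }
}

Get-CaseOnlyFieldClash -Schemas $schemas | Format-Table -AutoSize -Wrap
```

With the sample input, `Id` is not reported because its spelling is identical everywhere, while the `MyFirst`/`MYFIRST` and `MySecond`/`mysecond` pairs are.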
Entities not created on Polling import
I am developing a PowerShell connector. It uses exactly the same script for Full and Polling imports, just with a "-RunType Delta" switch for polling. The difference is all about how it detects how many users to look at - once it gets to creating the IdB entities the script is identical.
I have four new objects in the external system. They are correctly identified by the script on a Polling import, however the new entities are not created in IdB. When I run a Full import the entities are created. (I have done searches to confirm this)
The following log excerpt shows the four entities that should be created, but the changes reported are 0:
20171211,04:47:22,UNIFY Identity Broker,Logging,Information,Exchange Protected Import: Creating 4 entities,Normal
20171211,04:47:23,UNIFY Identity Broker,Logging,Information," Key : DN Value : CN=Supressed1\, Changed1,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain Key : PersonNumber Value : 20523 Key : TerminationAutoReply Value : False Key : Status Value : ACTIVE Key : HiddenFromGAL Value : False ",Normal
20171211,04:47:23,UNIFY Identity Broker,Logging,Information," Key : DN Value : CN=Supressed2\, Changed2,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain Key : PersonNumber Value : 11831 Key : TerminationAutoReply Value : False Key : Status Value : ACTIVE Key : HiddenFromGAL Value : False ",Normal
20171211,04:47:23,UNIFY Identity Broker,Logging,Information," Key : DN Value : CN=Supressed3\, Changed3,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain Key : PersonNumber Value : 73564915 Key : TerminationAutoReply Value : False Key : Status Value : ACTIVE Key : HiddenFromGAL Value : False ",Normal
20171211,04:47:23,UNIFY Identity Broker,Logging,Information," Key : DN Value : CN=Supressed4\, Changed4,OU=ACT,OU=Users,OU=Accounts,OU=DEV,DC=domain Key : PersonNumber Value : 18582 Key : TerminationAutoReply Value : False Key : Status Value : ACTIVE Key : HiddenFromGAL Value : False ",Normal
20171211,04:47:23,UNIFY Identity Broker,Connector,Information,"Request to import changes from connector. Request to import changes from connector PowerShell Exchange PROTECTED.",Normal
20171211,04:47:23,UNIFY Identity Broker,Connector,Information,"Import changes from connector completed. Import changes from connector PowerShell Exchange PROTECTED reported 0 changes. Duration: 00:00:00",Normal
20171211,04:47:23,UNIFY Identity Broker,Change detection engine,Information,"Change detection engine import changes completed. Change detection engine import changes for connector PowerShell Exchange PROTECTED returned 0 possible changes. Duration: 00:00:04.8439784",Normal
The part of the script that creates the entities is as follows. When I generated that log above I had the two lines uncommented that log the full $entity:

    ###
    ### Create/update entities
    ###
    if ($ManagedUsers.count -gt 0) {
        $logger.LogInformation("$LogPrefix Creating {0} entities" -f $ManagedUsers.count.ToString())
        foreach ($user in $ManagedUsers) {
            $entity = $entities.Create()
            $entity["PersonNumber"] = $user.employeeNumber
            $entity["DN"] = $user.DistinguishedName
            $entity["Status"] = $user.extensionAttribute13
            if ($Mailboxes.ContainsKey($user.DistinguishedName)) {
                $mb = $Mailboxes.($user.DistinguishedName)
                $entity["DirectPermissions"] = $mb.DirectPermissions
                $entity["HiddenFromGAL"] = $mb.HiddenFromGAL
                $entity["MailboxType"] = $mb.MailboxType
                $entity["PrimaryEmailAddress"] = $user.mail
                $entity["ProxyEmailAddresses"] = $mb.EmailAddresses
                $entity["TerminationAutoReply"] = $mb.TerminationAutoReply
                $entity["TerminationMailCount"] = $mb.TerminationMailCount
            } else {
                $entity["DirectPermissions"] = $null
                $entity["HiddenFromGAL"] = $false
                $entity["MailboxType"] = $null
                $entity["PrimaryEmailAddress"] = $null
                $entity["ProxyEmailAddresses"] = $null
                $entity["TerminationAutoReply"] = $false
                $entity["TerminationMailCount"] = $null
            }
            #[string]$str = $entity | fl | out-string
            #$logger.LogInformation($str)
            $entity.Commit()
        }
    }

I'm on v5.1.0 Revision #1. I should be able to upgrade but it's a bit of a process to get software into the environment, so is there anything else I should be looking at?
You were right - I had the default (Entity Id) selected when I needed Entity. I thought this seemed familiar - I have definitely hit this before.
Code Samples for Identity Broker Plus v5.1 PowerShell Tasks
Hello - I'm looking for Sample scripts to perform post-provisioning and pre-provisioning PowerShell scripts as part of IDB Plus. Knowledge base articles show some basic info on syntax but would like to see sample scripts which then could be customized.
Thanks for the suggestion, Dilip.
I've added an example to the bottom of PowerShell Task.
IdB search logging on Diagnostic instead of Verbose
With the PowerShell connector I add lots of logging into my scripts. When troubleshooting I want to bump the log level up to Verbose so I can see my Information logs - however IdB UI search logging also seems to run at this level. So if I put "My Powershell script" as a search in the IdB Logs UI it fills up with lots of logging about that particular search string, making it hard for me to track my own logs. Could the IdB search logging be moved to a Diagnostic setting?
Yes, easy enough to do and agree that it's a more sensible log level for this message.
Workday Identity Broker information
Hi,
I would like to know some things about the Workday Identity Broker.
1. Does the Identity Broker honor the Workday +7 hrs time difference or does it ignore it?
2. What data gets imported via the Delta stages when it Imports it from Workday?
Would anyone be able to assist in finding out those questions?
Kind Regards
Werner
Hi Werner,
1. Are you referring to the buggy/inconsistent handling of time-zones by Workday? If so, the connector accounts for it where we have noticed it being an issue. Currently this is on the Polling import calls (Worker and Organization - using the timezone offset setting), as well as the comparison against hire date and seniority date (uses a date comparison instead of time based).
2. I've added a note to the Usage section on the Workday Worker Connector.
Thanks.