Answered

Error during SCIM operation: System.InvalidOperationException: Sequence contains more than one element

Adrian Corston 2 years ago in UNIFYBroker Service updated by Beau Harrison (Senior Product Software Engineer) 2 years ago 5

I am seeing the above error *sometimes* when attempting to update a user via SCIM.

In every case of the error that I've seen, SCIM has been trying to update a single field (Role) which is mapped from Azure's large "appRoleAssignments" XML field value, but I don't actually know if that's relevant or coincidental.

The full stack trace is:

20220428,11:53:00,UNIFYBroker,Logging,Information,Healthcheck,Normal
20220428,11:54:00,UNIFYBroker,Logging,Information,Healthcheck,Normal
20220428,11:54:05,UNIFYBroker,SCIMGateway,Error,"Error during SCIM operation: System.InvalidOperationException: Sequence contains more than one element
at System.Linq.Enumerable.Single[TSource](IEnumerable`1 source)
at Unify.Product.IdentityBroker.SCIMProvider.Patch(IAdapterEntity adapterEntity, PatchRequest2 patch, ISCIMGatewayMapping mappings, IValueAdapter`2 valueAdapter, IEntitySchema schema)
at Unify.Product.IdentityBroker.SCIMProvider.d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SystemForCrossDomainIdentityManagement.ProviderBase.d__45.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SystemForCrossDomainIdentityManagement.ProviderAdapterTemplate`1.d__15.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SystemForCrossDomainIdentityManagement.ControllerTemplate`1.d__5.MoveNext()",Normal
20220428,11:55:00,UNIFYBroker,Logging,Information,Healthcheck,Normal

Here's the Azure provision on demand output that corresponds to the error:

Image 6281


I can't work out why this happens for some user updates, but others go through just fine. Since I can't packet trace the SCIM protocol in the UNIFYConnect environment, my ability to debug this is limited, and unfortunately right now I don't really have time to set up a non-UNIFYConnect test environment to debug what's going on.

The backing connector for the SCIM gateway is a PowerShell one, but the error appears to be occurring before it's even called.

I saw https://voice.unifysolutions.net/en/communities/6/topics/3913-sequence-contains-more-than-one-element for the same error, but I am running the latest of everything so the advice on that ticket (upgrade) didn't help.

Do you have any hints what might be going on to result in that error message?

I repeated the process that resulted in the error above a second time, by deleting the connector entity (in the underlying CSV file backing the PowerShell connector and running an Import All), recreated the entity via SCIM, then updated it, and that update worked just fine this time:

Same field (SCIM field name 'title', mapped from 'appRoleAssignments' in Azure to 'Role' in my adapter). No errors in the UNIFYBroker log this time - just my trace writes (in a reverse transformation) showing the value updating correctly in the adapter and the PowerShell connector's Update script.

Under review

Hi Adrian

Has this occurred after the latest patch from this issue was deployed? The only place I can see that should raise this error got a more explicit error message in that patch.

Is there any way for you to get the XML from 'appRoleAssignments' that's causing the error without network tracing? Without this, I haven't been able to determine a cause, but I've improved upon fixes from the last few issues in a way that should be much more resilient to unexpected update values. Wasn't able to get this deployed week, however.

Unfortunately not - the error occurs before any PowerShell is invoked, so I don't have any way to access that value.  Sorry :(

However, as per https://voice.unifysolutions.net/en/communities/6/topics/4315-disable-delete-scim-operation-errors-in-unifybroker-scim-gateway I believe the issue might actually be related to something else.  But unfortunately that's just conjecture.

I've emailed David to find out whether or not he applied that patch into this environment (same one as 4313).

Answered

Closing as I believe this one was resolved. Let me know if not.