Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

0
Not a bug

GUI issue after an update to Aurion IDB Connector 4.1.3

Anthony Soquin 1 month ago in Identity Broker for Aurion • updated by Adam van Vliet (Product Manager) 1 month ago 17

Hi,

After the update of the Aurion IDB Connector 4.1.3 from 4.1.0 on Identity Broker Service 4.1.0.

I have the following web page when I try to configure the connector:


Instead of :


I followed the following guide installation: https://unifysolutions.jira.com/wiki/spaces/IDBAUR41/pages/54165644/Installation

Do you have an idea from the root cause and how to fix it?

Thanks in advance

Regards,

Answer

The issue is caused by being on a DEV version of Identity Broker. Either upgrade to the RTM, or the latest v4.1.x.

0
Answered

Aurion Security User User_Name

Carol Wapshere 1 month ago in Identity Broker for Aurion • updated 4 weeks ago 17

I'm having a problem with a number of Aurion Security Users getting a UserName (which is actually the Display Name) of only their Surname, instead of "Surname, FirstName". MIM Sync is queuing the correct value to be exported through IdB, but the value does not get changed in Aurion.

I have manually changed someone's UserName in Aurion (as the same account that IdB uses) but it gets reverted to Surname.

I have run a series of Full Import Syncs and Exports with the Verbose logging on. In on case I see this:

Add entities [Count:126] to connector Aurion Security User Connector failed with reason Aurion API error -1: System Status is currently set to Exclusive. Access Denied.. Duration: 00:00:01.0140260
Error details:
System.Exception: Aurion API error -1: System Status is currently set to Exclusive. Access Denied.
   at Unify.Communicators.AurionWSCommunicator.Logon(String userName, String password)
   at Unify.Communicators.AurionAgent.Open()
   at Unify.Connectors.AurionSecurityUserConnector.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)
   at Unify.Product.IdentityBroker.EventNotifierUpdatingConnectorDecorator.UpdateEntities(IEnumerable`1 entities, IEnumerable`1 originalEntities, ISaveEntityResults`2 results)",Normal

But elsewhere I see this, which looks like it should have worked:

Add entities [Count:126] to connector Aurion Security User Connector reported 126 entities saved. Duration: 00:00:10.4522680",Normal
Answer
Curtis Lusmore 4 weeks ago

Hi Carol,

Please find attached Aurion Patches.zip which contains two potential patches for this issue. The DLL inside the Quote directory wraps quotes (") around values containing commas (,) and the DLL inside the Bullet directory replaces the delimiter with a bullet (•). Please test both and let us know how they go.

Edit: Carol has confirmed that the bullet works.

0
Answered

IdB 4.1.0 support for Aurion 11.30

Michael Smith 2 months ago in Identity Broker for Aurion • updated by Anthony Soquin 1 month ago 4
Working with the following IdB and Aurion connector versions:


I noticed the below statement:
"Aurion v10.1.2.04 MR1 or higher." - https://unifysolutions.jira.com/wiki/spaces/IDBAUR41/pages/54165664/Prerequisites

Want to confirm:
1. Aurion connector version 4.1.2 supports Aurion 11.30
2. Any known issues with the upgrade from Aurion connector version 4.1.0 to 4.1.2.
3. Any known issues with IdB regarding Aurion upgrade to 11.30

Answer
  1. We support versions greater than v10.1.2.04 MR1
  2. Not unless there's documentation or issues raised (we're improving the known issues section on the release notes in the future to better capture this)
  3. Yes, see release notes (Aurion 11.16 has a breaking change which we have released a workaround for)
0
Answered

Mapping Aurion security user ExternalMailType

Carol Wapshere 2 months ago in Identity Broker for Aurion • updated by anonymous 2 months ago 5

I am trying to set an additional value on the Aurion Security User on provisioning. The Aurion attribute is T803F275_EXTERNAL_MAIL.T803_SECURITY_USER, it is of type String, and needs to be set to the value "10".

I have had this attribute added to the Aurion report and mapped it in the Connector config file (it comes through to me as "Mail"). I can run a connector import and see all the entities with a value of "10" in this field.

When I provision a new connector space object in MIM the value is populated, however on export the export does actually run and the Aurion Security User gets created, however the Mail value is blank. There are no errors at all in the IDB log file.

Answer

Hi Carol,

The field is "ExternalMailType" (it comes through the schema provider). Add this field name and map it to the "Mail" attribute from the query results

Thanks.

0
Not a bug

Given_Names not appearing in Connector

Matthew Woolnough 5 months ago in Identity Broker for Aurion • updated by anonymous 5 months ago 4

Given_Names is included in Schema of the Aurion Connector. I can see the attribute has values in Wireshark packet trace as seen below, but no objects have a value in the attribute in the connector.


<AQT_Output>
  <Employee_Number>546</Employee_Number>
  <Person_Number>546</Person_Number>
  <Surname>Lord</Surname>
  <Given_Names>Dale Brendan</Given_Names>
  <Preferred_Name>Dale</Preferred_Name>
  <Salutation>Mr</Salutation>
  <Person_Type>EMPLOYEE</Person_Type>
  <Employment_Type_Code>CA</Employment_Type_Code>
  <Actual_Position_Number>L42368V</Actual_Position_Number>
  <Actual_Organisation_Unit_Number>426</Actual_Organisation_Unit_Number>
  <Date_Commenced>01-JUL-1999</Date_Commenced>
  <Date_Terminated></Date_Terminated>
  <Contract_Expiry_Date></Contract_Expiry_Date>
  <Leave_Date_From></Leave_Date_From>
  <Leave_Date_To></Leave_Date_To>
  <Leave_Type_Code></Leave_Type_Code>
  <Organisation_Unit_Level_01>APRA Members</Organisation_Unit_Level_01>
  <Organisation_Unit_Level_02>Specialised Institutions</Organisation_Unit_Level_02>
  <Organisation_Unit_Level_03>Sth West-Melb (SID)</Organisation_Unit_Level_03>
  <Primary_Cost_Code>SID310</Primary_Cost_Code>
  <Attendance_Type_Code>FULL</Attendance_Type_Code>
  <Actual_Location_Code>MELB</Actual_Location_Code>
 </AQT_Output>


Answer
anonymous 5 months ago

When you edit your connector settings, does the mapping look like the screenshot here? If so, the problem is that you don't have a GivenNames field in the schema - rename the Given_Names schema field to GivenNames.

0
Answered

Query T001F065_ACTUAL_POSITION_NO in IdB 5.x Aurion Position query

Matthew Woolnough 6 months ago in Identity Broker for Aurion • updated by anonymous 5 months ago 5

Client DBA was able to determine that the Aurion position connector actually runs 3 queries in IDB version 3 and 5.  

The first and third are identical but the second script is totally different. 

In version 3, the position appears to be retrieved from "T001F065_ACTUAL_POSITION_NO" whereas in version 5 appears to try to determine position information from "T101F005_POSITION_NO". 

Is it possible to have the position query retrieve data from "T001F065_ACTUAL_POSITION_NO" in IdB 5.x?



Answer
anonymous 5 months ago

OK, It sounds as though there is a misalignment between dev & prod. Will ask them to update the environment.

0
Answered

How can I get adapter to recognise existence of key?

Matthew Woolnough 6 months ago in Identity Broker for Aurion • updated by anonymous 6 months ago 3

I have chosen not to use mapping on adapters which do not require write back into Aurion as it's much easier to configure.  I am however getting an error when I try to use the Key.   The Key is a required field, but Identity Broker does not recognise this due to the mapping.  Error is below:


Error in adapter Aurion Schedules - Organisation distinguished name configuration: The DN component part 'UID=[OrganisationUnitNumber]' could not be executed as the field OrganisationUnitNumber is not required. An empty field would result in a DN of 'UID='. 

Is it possible to resolve this, or do I need to go back to mapping?





Answer
anonymous 6 months ago

You should be able to just update the field on the connector to be required. Unless it's generated in the target system - in which case you'll need a different DN, e.g. the entity id.

0
Not a bug

Aurion Position import fails because key has been duplicated

Matthew Woolnough 6 months ago in Identity Broker for Aurion • updated by anonymous 6 months ago 3

Created a connector for Aurion Positions to match the one if Idb3 & getting a duplicate key error.  I can't see any duplicates in the data when I trace the traffic using Wireshark. 

20170522,22:44:43,UNIFY Identity Broker,Connector,Information,"Request to import all entities from connector.
Request to import all entities from connector Aurion Position.",Normal
20170522,22:44:43,UNIFY Identity Broker,Connector,Information,"Import all entities from connector completed.
Import all entities from connector Aurion Position return 671 entities. Duration: 00:00:00",Normal
20170522,22:44:43,UNIFY Identity Broker,Connector Processor,Information,"Connector Processing started.
Connector Processing started for connector Aurion Position (page 1)",Normal
20170522,22:44:44,UNIFY Identity Broker,Connector Processor,Information,"Connector processing failed.
Connector Processing page 1 for connector Aurion Position failed with reason The key L32190N has been duplicated.. Duration: 00:00:00.2500002. 
Error details:
System.ArgumentException: The key L32190N has been duplicated.
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue`1 arg1)
   at Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashError[TKey,TValue,TOriginal](IEnumerable`1 originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3 duplicateAction)
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, Func`2 retrieveEntities, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, IKnownEntityContextBase`3 context, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<performchangedetection>b__0(IEnumerable`1 page)
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()",Normal
20170522,22:44:44,UNIFY Identity Broker,Change detection engine,Error,"Change detection engine import all items failed.
Change detection engine import all items for connector Aurion Position failed with reason An error occurred while evaluating a task on a worker thread.  See the inner exception details for information.. Duration: 00:00:10.7189045
Error details:
Unify.Framework.EvaluatorVisitorException: An error occurred while evaluating a task on a worker thread.  See the inner exception details for information. ---> System.ArgumentException: The key L32190N has been duplicated.
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.DuplicateKeyBase(MultiKeyValue`1 arg1)
   at Unify.Framework.Collections.EnumerableExtensions.ToDictionaryWithKeyClashError[TKey,TValue,TOriginal](IEnumerable`1 originalEnumerable, Func`2 keySelector, Func`2 valueSelector, Action`3 duplicateAction)
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, Func`2 retrieveEntities, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.EntityRepositoryExtensions.ConvertConnectorEntitiesWithRepositoryEntities(IEnumerable`1 connectorEntities, IMultiKey`1 schemaKey, IKnownEntityContextBase`3 context, Guid connectorId, IEnumerable`1 originalEntities, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_0.<performchangedetection>b__0(IEnumerable`1 page)
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
   --- End of inner exception stack trace ---
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.CheckForException()
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.WaitForCompletedThreads()
   at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
   at Unify.Framework.Visitor.VisitEvaluateOnThreadPool[T](IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads)
   at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
   at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
   at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
   at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
   at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<run>b__0()
   at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal</run></performchangedetection></performchangedetection>


Answer
anonymous 6 months ago

The data retrieved by SOAPUI contains 2 positions with the same code as per the error in 5.1.

Has the handling of this scenario in IdB changed? I'm interested to know why 3.1 does not throw an error. 


0
Answered

Aurion Attribute Mapping broken & possibly not required anymore

Matthew Woolnough 6 months ago in Identity Broker for Aurion • updated by anonymous 6 months ago 7

Using Aurion connectors, I have 4 types:

  • Schedule
  • Security User
  • Person
  • Generic

If I use Security User as an example, immediately after creating the connector I get the error "Aurion connectors require Query Mappings to be configured for imports to successfully complete. Please reconfigure this connector to update the Query Mappings."

1) If I use the "default Security User schema", an incorrect schema is created and I need to guess the correct attribute names.

If I use the "query fields" option, the correct names are created & have the option to do mapping in the connector which is very time consuming, or I can have the adapter do it automatically. 

2) Is it necessary/advisable to do this mapping in the connector?




Answer
anonymous 6 months ago

The default schema allows the fields to be exported to, they are the names that are required for the API to work. Due to a mismatch in Aurion (and the ability to rename fields in the query tool), there needs to be a mechanism to map between the differently named fields.

The default schema should be used for the connectors that have one. Then use the mapping tool to map between these field names and those that are returned by the query (or the query schema provider).

0
Answered

cd-error exporting to IdB

Carol Wapshere 8 months ago in Identity Broker for Aurion • updated 7 months ago 17

I need some help troubleshooting an issue exporting updates to Aurion Security Users.

- The IdB connector is using the standard Aurion Security User connector.

- The adapter connects only to the connector - no joins or transformations.

- When I try to export from MIM I see "cd-error" on all exports - but there is no message.

- There is nothing in the IdB logs about this adapter at all - it's like it isn't even getting that far.

- I can refresh the MA schema, I have also cleared the connector space and re-imported from IdB - so I know connectivity to IdB is fine.

I have tried enabling Verbose logging and an IdB trace (sent separately). I'm looking for suggestions about how else I can troubleshoot this.

Answer
anonymous 7 months ago

Resolved by switching the adapter DN template to UID=@IdBID