Reconcile With Case-Insensitive Data Stores

Identity Cloud is case-sensitive, which means that an uppercase ID is considered different from an otherwise identical lowercase ID during reconciliation. Some data stores, such as ForgeRock Directory Services (DS), are case-insensitive. This can be problematic during reconciliation, because the ID of the links created by reconciliation might not match the case of the IDs expected by Identity Cloud.

If a mapping inherits links by using the links property, you do not need to worry about case-sensitivity, because the mapping uses the setting of the referred links.

Alternatively, you can address case-sensitivity issues with target systems in the following ways:

  • Specify a case-insensitive data store. To do so, set the sourceIdsCaseSensitive or targetIdsCaseSensitive properties to false in the mapping for those links. For example, if the source LDAP data store is case-insensitive, set the mapping from the LDAP store to the managed user repository as follows:

    "mappings" : [
        {
            "name" : "systemLdapAccounts_managedUser",
            "source" : "system/ldap/account",
            "sourceIdsCaseSensitive" : false,
            "target" : "managed/realm-name_user",
            "properties" : [
        ...

    You might also need to modify the connector configuration, setting the enableFilteredResultsHandler property to false:

    "resultsHandlerConfig" :
    {
        "enableFilteredResultsHandler":false
    },

    Caution

    Do not disable the filtered results handler for the CSV file connector. The CSV file connector does not perform filtering. Therefore, if you disable the filtered results handler for this connector, the full CSV file will be returned for every request.

In general, to address case-sensitivity, focus on database-, table-, or column-level collation settings. Queries performed against repositories configured in this way are subject to the collation, and are used for comparison.

Read a different version of :