How do I reset the liveSync syncToken in Identity Cloud or IDM (All versions)?
The purpose of this article is to provide information on resetting the liveSync syncToken to zero (null) in ForgeRock Identity Cloud and IDM.
Overview
You can reset the syncToken to zero using the REST API.
In Identity Cloud, when you use these REST calls, replace <tenant-env-fqdn> with your Identity Cloud tenant name and <access-token> with the access token you obtained when you authenticated to the Identity Cloud REST API (see Authenticate to Identity Cloud REST API with access token).
For IDM, you only need to reset the syncToken on one instance in the cluster as the syncToken is shared by all instances in a cluster.
Resetting the syncToken
You can reset the syncToken as follows:
1. Query the _id of the sync data using the following REST call:
   - Identity Cloud: $ curl --request GET 'https://<tenant-env-fqdn>/openidm/repo/synchronisation/pooledSyncStage?_queryFilter=true&_fields=_id' --header 'authorization: Bearer <access-token>' --header 'Accept-API-Version: resource=1.0' --header 'content-type: application/json'
   - IDM 7 and later: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "Content-Type: application/json" "http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage?_queryFilter=true&_fields=_id"
   - Pre-IDM 7: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Content-Type: application/json" "http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage?_queryId=query-all-ids"
   Example response: { "result": [ { "_id": "SYSTEMLDAPACCOUNT" } ], "resultCount": 1, "pagedResultsCookie": null, "totalPagedResultsPolicy": "NONE", "totalPagedResults": -1, "remainingPagedResults": -1 }
2. Retrieve the current _rev value of the syncToken using the following REST call, where SYSTEMLDAPACCOUNT is the _id value returned in step 1:
   - Identity Cloud: $ curl --request GET 'https://<tenant-env-fqdn>/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT' --header 'authorization: Bearer <access-token>' --header 'Accept-API-Version: resource=1.0' --header 'content-type: application/json'
   - IDM 7 and later: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "Content-Type: application/json" http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT
   - Pre-IDM 7: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Content-Type: application/json" http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT
   Example response: { "_rev": "000000001ade755f", "_id": "SYSTEMLDAPACCOUNT", "connectorData": { "nativeType": "integer", "syncToken": 100 } }
3. Reset the syncToken to zero using the following REST call, where If-Match is set to the _rev value returned in step 2:
   - Identity Cloud: $ curl --request DELETE 'https://<tenant-env-fqdn>/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT' --header 'authorization: Bearer <access-token>' --header 'Accept-API-Version: resource=1.0' --header 'If-Match: 000000001ade755f'
   - IDM 7 and later: $ curl -X DELETE -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "If-Match: 000000001ade755f" http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT
   - Pre-IDM 7: $ curl -X DELETE -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "If-Match: 000000001ade755f" http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT
4. Run liveSync via REST and check that the syncToken is updated. See Manage liveSync (Identity Cloud) or Manage liveSync (IDM) for information on triggering liveSync over REST.
5. Update an entry in DS and verify that Identity Cloud or IDM is updated as expected.
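The three REST calls above can be chained so that the _rev read in step 2 always guards the DELETE in step 3, and the old syncToken is recorded before it is removed. The following Python sketch is an added example, not ForgeRock code; it uses the IDM 7 and later / Identity Cloud query form. The names reset_sync_tokens and http_call are hypothetical, the caller supplies the authentication headers (for example from environment variables rather than hard-coded values), and it assumes a successful call returns HTTP 200 and a stale If-Match is rejected with HTTP 412.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# IDM endpoint from the article; for Identity Cloud use https://<tenant-env-fqdn>/openidm/...
BASE = "http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage"


def http_call(method, url, headers):
    """Default transport: send one request, return (status, parsed JSON or None)."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None


def reset_sync_tokens(auth_headers, call=http_call, base=BASE, max_attempts=3):
    """Steps 1-3 for every stage record; returns what was deleted, for the change log."""
    headers = {"Accept-API-Version": "resource=1.0", **auth_headers}
    # Step 1: list the _id of each stored syncToken record.
    status, body = call("GET", base + "?_queryFilter=true&_fields=_id", headers)
    if status != 200:
        raise RuntimeError(f"query failed: HTTP {status}")
    deleted = []
    for entry in body["result"]:
        url = base + "/" + urllib.parse.quote(entry["_id"], safe="")
        for attempt in range(max_attempts):
            # Step 2: read the record to get its current _rev (and the old token).
            status, doc = call("GET", url, headers)
            if status != 200:
                raise RuntimeError(f"read {entry['_id']} failed: HTTP {status}")
            # Step 3: delete only if the record still has the _rev just read.
            status, _ = call("DELETE", url, {**headers, "If-Match": doc["_rev"]})
            if status == 200:
                deleted.append({"_id": doc["_id"], "_rev": doc["_rev"],
                                "syncToken": doc["connectorData"]["syncToken"]})
                break
            # Assumption: a stale If-Match is rejected with 412; re-read and retry.
            if status != 412:
                raise RuntimeError(f"delete {entry['_id']} failed: HTTP {status}")
        else:
            raise RuntimeError(f"{entry['_id']} kept changing; retry later")
    return deleted
```

Keeping the returned list alongside the change record gives you the previous syncToken value if the reset needs to be reviewed afterwards.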
See Also
Best practice for liveSync when syncing Identity Cloud to DS
Best practice for liveSync in IDM (All versions) with multiple DS instances
IDM (All versions) liveSync syncToken is out of sync with the DS changelog number