How To
ForgeRock Identity Platform
ForgeRock Identity Cloud

How do I reset the liveSync syncToken in Identity Cloud or IDM (All versions)?

Last updated May 19, 2022

The purpose of this article is to provide information on resetting the liveSync syncToken to zero (null) in ForgeRock Identity Cloud and IDM.


Overview

You can reset the syncToken to zero using the REST API. 

For IDM, you only need to reset the syncToken on one instance in the cluster as the syncToken is shared by all instances in a cluster.

Resetting the syncToken

You can reset the syncToken as follows:

  1. Query the _id of the sync data using the following REST call:
    • Identity Cloud: $ curl \ --request GET 'https://<tenant-name>.forgeblocks.com/openidm/repo/synchronisation/pooledSyncStage?_queryFilter=true&_fields=_id' \ --header 'authorization: Bearer <access-token>' \ --header 'Accept-API-Version: resource=1.0' \ --header 'content-type: application/json'
    • IDM 7 and later: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "Content-Type: application/json" "http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage?_queryFilter=true&_fields=_id"
    • Pre-IDM 7: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Content-Type: application/json" http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage?_queryId=query-all-ids

Example response:{  "result": [     {       "_id": "SYSTEMLDAPACCOUNT"     }   ],   "resultCount": 1,   "pagedResultsCookie": null,   "totalPagedResultsPolicy": "NONE",   "totalPagedResults": -1,   "remainingPagedResults": -1 }

  1. Retrieve the current _rev value of the syncToken using the following REST call, where SYSTEMLDAPACCOUNT is the _id value returned in step 1:
    • Identity Cloud: $ curl \ --request GET 'https://<tenant-name>.forgeblocks.com/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT' \ --header 'authorization: Bearer <access-token>' \ --header 'Accept-API-Version: resource=1.0' \ --header 'content-type: application/json'
    • IDM 7 and later: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "Content-Type: application/json" http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT
    • Pre-IDM 7: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Content-Type: application/json" http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT

Example response:{     "_rev": "000000001ade755f",      "_id": "SYSTEMLDAPACCOUNT",      "connectorData": {          "nativeType": "integer",          "syncToken": 100      } }

  1. Reset the syncToken to zero using the following REST call, where If-Match is set to the _rev value returned in step 2:
    • Identity Cloud: $ curl \ --request DELETE 'https://<tenant-name>.forgeblocks.com/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT' \ --header 'authorization: Bearer <access-token>' \ --header 'Accept-API-Version: resource=1.0' \ --header 'If-Match: 000000001ade755f'
    • IDM 7 and later: $ curl -X DELETE -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" -H "If-Match: 000000001ade755f" http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT
    • Pre-IDM 7: $ curl -X DELETE -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "If-Match: 000000001ade755f" http://localhost:8080/openidm/repo/synchronisation/pooledSyncStage/SYSTEMLDAPACCOUNT
  2. Run liveSync via REST and check that the syncToken is updated. See Manage liveSync (Identity Cloud) or Managing LiveSync Over REST (IDM) for information on triggering liveSync over REST.
  3. Update an entry in DS and verify that Identity Cloud or IDM is updated as expected.

See Also

Best practice for liveSync when syncing Identity Cloud to DS

Best practice for liveSync in IDM (All versions) with multiple DS instances

IDM (All versions) liveSync syncToken is out of sync with the DS changelog number

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.