Introduction

The purpose of this task is to remove all tokens from the token repository of a specific product  that have been assigned to users in a specific domain (optionally, token deletion can be further restricted to inactive tokens).

The task can be found by navigating to "Administration | Tasks", then scrolling down to the task "Delete all tokens in domain by product";

Task Parameters

The task parameters are used by the task script to determine which tokens are to be deleted and are edited by left clicking on the context menu of the task and selecting "Parameters";

A new window titled "Task Parameters" will now open that lists the parameters making them available for editing, and the default parameters for this task are as follows;




Specify the domain that assigned users of the tokens must be members of if the tokens are to be deleted by the task.

Specifies the Product Code of the tokens to be deleted.


Specifies if only inactive tokens are to be deleted when the task is run.

The parameters may then be editing by selecting one of the parameters, then clicking on the button.

  • Before tasks are scheduled (or run manually), we should provide the task parameters that are used during processing of the task script.

    To access the task parameters left click on the context menu of the task then select "Parameters";

    A new window titled "Task Parameters" will now open that lists the parameters that have been created for this task (see example below);



    Specify the domain that assigned users of the tokens must be members of if the tokens are to be deleted by the task.

    Specifies the Product Code of the tokens to be deleted.


    Specifies if only inactive tokens are to be deleted when the task is run.

    In the top right hand corner of this window are the buttons that all viewing, editing and deletion of task parameters;

    To edit one of the listed parameters first select the parameter to be edited then click on the button.

    A new window will now open that will allow you to edit the parameter (example below);

    In most cases the only value that should be changed is the "Default Value" setting.

    If the default value is updated, and the button is pressed, then this new value will be used by the task script next time the task is run.

Editing and Scheduling the Task

Viewing and Editing the task

The task can be edited by left clicking on the context menu of the task and selecting "Edit";

A new window will now open titled "Task - Edit";




Enter the name to be assigned to the task within the management console.


Enter a description of what the task will do.


The version number of the task.


This field is used to specify when the task is scheduled to execute;

(see "Scheduling the Task Execution Time and Frequency [MC-TKTD]" in the Related Articles section below).


This field will determine if the task schedule is enabled (if enabled the task will execute at the scheduled time).


Specifies how many times the task should be repeated after the task is executed.



                import com.deepnet.das.token.*
                import com.deepnet.das.exception.ProductNotFoundException
                import com.deepnet.das.util.*
                import com.deepnet.das.domain.Domain
                import com.deepnet.das.domain.Unit
                import com.deepnet.das.domain.LdapUnit
                import com.deepnet.das.exception.DomainNotFoundException
                import com.deepnet.das.exception.GroupNotFoundException
                import com.deepnet.das.identitysource.*
                import com.deepnet.das.identitysource.IdentitySourceType
                import com.deepnet.das.usergroup.Group
                import com.deepnet.das.usergroup.LdapGroup
                import com.deepnet.das.licence.LicenceManager

                if (Util.isNull(removeInactiveTokensOnly)) {
                    removeInactiveTokensOnly = true;
                }
                if (!Util.isNullOrEmpty(product)) {
                    def prod = Product.findById(product as long)
                    if(!prod)
                        throw new ProductNotFoundException()
                    deleteAllADTokensByProduct(domainName, groupName, removeInactiveTokensOnly, prod)
                } else {
                    deleteAllADTokensByProduct(domainName, groupName, removeInactiveTokensOnly)
                }

                def deleteAllADTokensByProduct(String domainName, String groupName, boolean onlyRemoveInactiveTokens, def prod = null) {
                    Domain domain = Domain.findByName(domainName)
                    if (!domain) {
                        throw new DomainNotFoundException(domainName)
                    }
                    Group group = findGroupFromDomain(domain, groupName)
                    if (!group) {
                        throw new GroupNotFoundException()
                    }
                    int deleteCount = 0;
                    int totalToken = 0;
                    int totalUser = 0;

                    group.eachUser { u ->
                        totalUser++
                        def tas = u.tokenAssignments.findAll{true};
                        if (tas) {
                            if (prod != null) {
                                tas = tas.findAll {it.token.product.id == prod.id}
                            }
                            totalToken += tas.size();
                            if (onlyRemoveInactiveTokens) {
                                tas = tas.findAll {it.status == AssignmentStatus.INACTIVE.toString()}
                            }
                            tas.each { ta ->
                                u.unassignToken(ta.token);
                                deleteCount++;
                            }
                        }

                        onProgress(totalUser, deleteCount + " tokens of " + totalUser + " users deleted");
                    }
                    def msg =  " deleted:  " + deleteCount + " tokens from " + totalUser + " users and " + totalToken + " tokens"
                    LicenceManager.triggerStatistics()
                    setEndMessage(msg)
                }

                Group findGroupFromDomain(Domain domain, String groupName) {
                    if (domain.identitySource.type == IdentitySourceType.SQL) {
                        return Group.findByDomainAndName(domain, groupName)
                    } else if (domain.identitySource.type == IdentitySourceType.LDAP) {
                        def list = LdapGroup.searchInLdap(domain, [["name", "=", groupName]])
                        if (!list || !list.rows)
                            return null
                        return list.rows.get(0)
                    }
                }


Scheduling the Task

Select the "Enable Schedule" checkbox to ensure the task schedule is activated, then use the pencil icon ("")  to specify the time and frequency settings for automated task execution.

  • Tasks can be scheduled for automatic execution by selecting the "Schedule Enable" option then clicking on the icon;

    When the is pressed a window will open titled "Schedule" that can be used to specify the when the report is scheduled to run; 


    As an example, we can schedule the report to run at 1am every weekday using the following settings;

    After clicking on the schedule details will be converted into text form and added against the report parameter "Schedule"; 

Manual Task Execution

The task can be run manually from the management console by left click on the context menu of the task, then selecting "Run";

A new window headed "Execute Task" will now open allowing you to edit the task parameters prior to running the task;




Provide a brief description that will be used to describe the purpose of the task in the audit log.


Specify the domain that assigned users of the tokens must be members of if the tokens are to be deleted by the task.

If specified, this property will restrict token deletion to tokens that have the specified Product Code.

If selected on tokens that are inactive and meet the other criteria will be deleted.

To execute the task click  the  button.

  • Tasks can be run manually from the management console by left click on the context menu of the task, then selecting "Run";

    A new window will open titled "Execute Task" will then open (the window will be populated with the default task property values for this task (example below);




    Provide a brief description that will be used to describe the purpose of the task in the audit log.


    Specify the domain that assigned users of the tokens must be members of if the tokens are to be deleted by the task.

    If specified, this property will restrict token deletion to tokens that are assigned to users who are members of the selected Unit.


    If supplied this parameter specifies that only tokens with the specified Product will be deleted.



    Specifies if only inactive tokens are to be deleted when the task is run.



    Before manually running the task the system administrator has the opportunity to temporarily replace these default values (the default values will return to their original state after the task has run).

    When you have finished supplying the property settings, the task can be manually run by clicking on the  button. 

  • No labels