Introduction
The purpose of this task is to remove from the token repository all tokens of a specific product and manufacturer that have been assigned to users in a specific group and domain. Optionally, token deletion can be further restricted to inactive tokens.
One possible use of this task is to create a new Group in AD, add all disabled users to this unit, then use this task to delete all tokens for a specified product (e.g. all "MobileID" tokens in the group).
The task will either use previously supplied default task parameters, or use parameters supplied manually by the system administrator after the task is run from the management console.
The task can be found by navigating to "Administration | Tasks", then scrolling down to the task "Delete all tokens in Group by product".
Task Parameters
The task parameters are used by the task script to determine which tokens are to be deleted. They are edited by left clicking on the context menu of the task and selecting "Parameters".
A new window titled "Task Parameters" will now open, listing the parameters and making them available for editing. The default parameters for this task are as follows:
Specify the domain that assigned users of the tokens must be members of if the tokens are to be deleted by the task.
If supplied, this property will restrict token deletion to tokens that are assigned to users who are members of the selected Group.
If supplied, this property specifies the product of the tokens to be deleted.
Specifies if only inactive tokens are to be deleted when the task is run.
The parameters may then be edited by selecting one of the parameters, then clicking on the button.
Editing and Scheduling the Task
Viewing and Editing the task
The task can be edited by left clicking on the context menu of the task and selecting "Edit".
A new window titled "Task Parameters" will now open that lists the parameters that have been created for this task:
Enter the name to be assigned to the task within the management console.
Enter a description of what the task will do.
The version number of the task.
This field is used to specify when the task is scheduled to execute.
This field will determine if the task schedule is enabled (if enabled the task will execute at the scheduled time).
Specifies how many times the task should be repeated after the task is executed.
    import com.deepnet.das.token.*
    import com.deepnet.das.exception.ProductNotFoundException
    import com.deepnet.das.util.*
    import com.deepnet.das.domain.Domain
    import com.deepnet.das.domain.Unit
    import com.deepnet.das.domain.LdapUnit
    import com.deepnet.das.exception.DomainNotFoundException
    import com.deepnet.das.exception.GroupNotFoundException
    import com.deepnet.das.identitysource.*
    import com.deepnet.das.identitysource.IdentitySourceType
    import com.deepnet.das.usergroup.Group
    import com.deepnet.das.usergroup.LdapGroup
    import com.deepnet.das.licence.LicenceManager

    // If the "inactive only" parameter is unset, restrict deletion to inactive tokens.
    if (Util.isNull(removeInactiveTokensOnly)) {
        removeInactiveTokensOnly = true;
    }

    // With a product supplied, only that product's tokens are considered;
    // without one, tokens of every product are considered.
    if (!Util.isNullOrEmpty(product)) {
        def prod = Product.findById(product as long)
        if (!prod) throw new ProductNotFoundException()
        deleteAllADTokensByProduct(domainName, groupName, removeInactiveTokensOnly, prod)
    } else {
        deleteAllADTokensByProduct(domainName, groupName, removeInactiveTokensOnly)
    }

    def deleteAllADTokensByProduct(String domainName, String groupName, boolean onlyRemoveInactiveTokens, def prod = null) {
        Domain domain = Domain.findByName(domainName)
        if (!domain) {
            throw new DomainNotFoundException(domainName)
        }
        Group group = findGroupFromDomain(domain, groupName)
        if (!group) {
            throw new GroupNotFoundException()
        }
        int deleteCount = 0;
        int totalToken = 0;
        int totalUser = 0;
        group.eachUser { u ->
            totalUser++
            // Work on a copy of the user's token assignments.
            def tas = u.tokenAssignments.findAll{true};
            if (tas) {
                if (prod != null) {
                    tas = tas.findAll {it.token.product.id == prod.id}
                }
                // Counted after the product filter but before the inactive filter.
                totalToken += tas.size();
                if (onlyRemoveInactiveTokens) {
                    tas = tas.findAll {it.status == AssignmentStatus.INACTIVE.toString()}
                }
                // Unassign every token that passed the filters.
                tas.each { ta ->
                    u.unassignToken(ta.token);
                    deleteCount++;
                }
            }
            onProgress(totalUser, deleteCount + " tokens of " + totalUser + " users deleted");
        }
        def msg = " deleted: " + deleteCount + " tokens from " + totalUser + " users and " + totalToken + " tokens"
        LicenceManager.triggerStatistics()
        setEndMessage(msg)
    }

    // Look the group up in SQL or LDAP, depending on the domain's identity source.
    Group findGroupFromDomain(Domain domain, String groupName) {
        if (domain.identitySource.type == IdentitySourceType.SQL) {
            return Group.findByDomainAndName(domain, groupName)
        } else if (domain.identitySource.type == IdentitySourceType.LDAP) {
            def list = LdapGroup.searchInLdap(domain, [["name", "=", groupName]])
            if (!list || !list.rows) return null
            return list.rows.get(0)
        }
    }
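The selection rules described under "Task Parameters" and applied by the task script (product filter first, then the optional inactive-only filter, with an unset flag treated as true) can be checked offline before a destructive run. The following Groovy script is an added example, not part of the task script: the helper name previewDeletion, the users, token serials and product ids 7 and 9 are constructed, and the status string 'INACTIVE' is assumed to match AssignmentStatus.INACTIVE.toString().

```groovy
// Added example: offline dry run of the task's token selection rules.
// Users and tokens are constructed sample data standing in for
// group.eachUser and u.tokenAssignments; nothing is deleted.
def users = [
    [name: 'alice', tokens: [[serial: 'T1', productId: 7L, status: 'ACTIVE'],
                             [serial: 'T2', productId: 7L, status: 'INACTIVE']]],
    [name: 'bob',   tokens: [[serial: 'T3', productId: 9L, status: 'INACTIVE']]],
    [name: 'carol', tokens: []]
]

// Hypothetical helper mirroring deleteAllADTokensByProduct, collecting
// "user:serial" strings instead of calling unassignToken.
def previewDeletion(List users, Long productId, Boolean onlyInactive) {
    // The task treats an unset "inactive only" parameter as true.
    if (onlyInactive == null) onlyInactive = true
    def wouldDelete = []
    int totalToken = 0
    users.each { u ->
        def tas = u.tokens
        // No product supplied means no product filter: every product matches.
        if (productId != null) tas = tas.findAll { it.productId == productId }
        totalToken += tas.size()   // counted before the inactive filter, as in the task
        // Assumed: AssignmentStatus.INACTIVE.toString() yields 'INACTIVE'.
        if (onlyInactive) tas = tas.findAll { it.status == 'INACTIVE' }
        tas.each { wouldDelete << "${u.name}:${it.serial}".toString() }
    }
    return [serials: wouldDelete, deleteCount: wouldDelete.size(),
            totalUser: users.size(), totalToken: totalToken]
}

def cases = [
    'product 7, inactive only': previewDeletion(users, 7L, true),
    'product 7, all statuses':  previewDeletion(users, 7L, false),
    'no product, flag unset':   previewDeletion(users, null, null),
    'no product, all statuses': previewDeletion(users, null, false)
]
cases.each { label, r ->
    println "${label}: would delete ${r.deleteCount} of ${r.totalToken} tokens " +
            "across ${r.totalUser} users -> ${r.serials}"
}

assert cases['product 7, inactive only'].serials == ['alice:T2']
assert cases['product 7, all statuses'].serials == ['alice:T1', 'alice:T2']
assert cases['no product, flag unset'].serials == ['alice:T2', 'bob:T3']
assert cases['no product, all statuses'].deleteCount == 3
```

Leaving the product empty widens the run to tokens of every product held by the group's users, so confirm the group membership and the inactive-only setting before enabling a schedule.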
Scheduling the Task
Select the "Enable Schedule" checkbox to ensure the task schedule is activated, then use the pencil icon to specify the time and frequency settings for automated task execution.
A new window headed "Execute Task" will now open allowing you to edit the task parameters prior to running the task.
Manual Task Execution
The task can be run manually from the management console by left clicking on the context menu of the task, then selecting "Run".
A new window headed "Execute Task" will now open allowing you to edit the task parameters prior to running the task:
Provide a brief description that will be used to describe the purpose of the task in the audit log.
Specify the domain that assigned users of the tokens must be members of if the tokens are to be deleted by the task.
Specify the group that assigned users of the tokens must be members of if the tokens are to be deleted by the task.
If specified, this property will restrict token deletion to tokens that have the specified Product Code.
If selected, only tokens that are inactive and meet the other criteria will be deleted.
To execute the task click the button.