View Source

Introduction

The purpose of this task is to remove all unused tokens from the token repository that are assigned to users in a specified group.

The task can be found by navigating to "Administration | Tasks", then scrolling down to the task "Delete Unused Tokens by group";

DualShield MFA Platform > Delete unused tokens by group > image2023-9-6_14-26-25.png

Task Parameters

The task parameters are used by the task script to determine which tokens are to be deleted and are edited by left clicking on the context menu of the task and selecting "Parameters";

DualShield MFA Platform > Delete unused tokens by group > image2023-9-6_14-27-37.png

A new window titled "Task Parameters" will now open that lists the parameters making them available for editing, and the default parameters for this task are as follows;

DualShield MFA Platform > Delete unused tokens by group > image2023-9-6_14-30-57.png

Specify the domain that assigned users of the tokens must be members of if the tokens are to be deleted by the task.

If specified, only tokens that have been assigned to users that are members of the specified group will be selected for deletion.

If specified, only tokens that have been assigned to users that have been inactive for the specified number of days will be selected for deletion.

Specifies the Product Code of the tokens to be deleted.

The parameters may then be editing by selecting one of the parameters, then clicking on the button.

Editing and Scheduling the Task

Viewing and Editing the task

The task can be edited by left clicking on the context menu of the task and selecting "Edit";

DualShield MFA Platform > Delete unused tokens by group > image2023-9-6_14-37-38.png

A new window will now open titled "Task - Edit";

DualShield MFA Platform > Delete unused tokens by group > image2023-9-6_14-34-4.png

Enter the name to be assigned to the task within the management console.

Enter a description of what the task will do.

The version number of the task.

This field is used to specify when the task is scheduled to execute.

This field will determine if the task schedule is enabled (if enabled the task will execute at the scheduled time).

Specifies how many times the task should be repeated after the task is executed.

import com.deepnet.das.token.*
import com.deepnet.das.exception.ProductNotFoundException
import com.deepnet.das.util.*
import com.deepnet.das.domain.Domain
import com.deepnet.das.domain.Unit
import com.deepnet.das.domain.LdapUnit
import com.deepnet.das.exception.DomainNotFoundException
import com.deepnet.das.exception.GroupNotFoundException
import com.deepnet.das.identitysource.*
import com.deepnet.das.identitysource.IdentitySourceType
import com.deepnet.das.usergroup.Group
import com.deepnet.das.usergroup.LdapGroup
import com.deepnet.das.licence.LicenceManager

Date now = new Date()
Date from = now - Integer.valueOf(days)

Domain givenDomain = Domain.findByName(domainName)
if (!givenDomain) {
throw new DomainNotFoundException(domainName)
}

Group givenGroup = findGroupFromDomain(givenDomain, groupName)
if (!givenGroup) {
throw new GroupNotFoundException()
}
if (!Util.isNullOrEmpty(product)) {
Product prod = Product.findById(product as long)
if(!prod)
throw new ProductNotFoundException()
deleteUnusedTokensByGroup(givenGroup, from, prod)
} else {
deleteUnusedTokensByGroup(givenGroup, from)
}

Group findGroupFromDomain(Domain domain, String groupName) {
if (domain.identitySource.type == IdentitySourceType.SQL) {
return Group.findByDomainAndName(domain, groupName)
} else if (domain.identitySource.type == IdentitySourceType.LDAP) {
def list = LdapGroup.searchInLdap(domain, [["name", "=", groupName]])
if (!list || !list.rows)
return null
return list.rows.get(0)
}
}

def deleteUnusedTokensByGroup(Group group, Date from, def prod = null) {
int deleteCount = 0;
int totalToken = 0;
int totalUser = 0;
group.eachUser { user ->
totalUser++
List<Token> tokens = user.tokens.findAll { it.lastUpdated < from }
if (tokens) {
if (prod != null) {
tokens = tokens.findAll { it.product.id == prod.id }
}
totalToken += tokens.size();
for (Token token in tokens) {
token.forceDelete()
deleteCount++;
}
}
onProgress(totalUser, deleteCount + " tokens of " + totalUser + " users deleted");
}

def msg = " deleted: " + deleteCount + " tokens from " + totalUser + " users and total " + totalToken + " tokens"
LicenceManager.triggerStatistics()
setEndMessage(msg)
}

Scheduling the Task

Select the "Enable Schedule" checkbox to ensure the task schedule is activated, then use the pencil icon ("") to specify the time and frequency settings for automated task execution.

DualShield MFA Platform > Delete unused tokens by group > image2023-9-6_14-18-1.png

Manual Task Execution

The task can be run manually from the management console by left click on the context menu of the task, then selecting "Run";

DualShield MFA Platform > Delete unused tokens by group > image2023-9-6_14-13-57.png

A new window will open titled "Execute Task" will then open (the window will be populated with the default task property values);

DualShield MFA Platform > Delete unused tokens by group > image2023-9-29_9-57-28.png

Provide a brief description that will be used to describe the purpose of the task in the audit log.

Specify the domain that assigned users of the tokens must be members of if the tokens are to be deleted by the task.

If specified, only tokens that have been assigned to users that are members of the specified group will be selected for deletion.

If specified, only tokens that have been assigned to users that have been inactive for the specified number of days will be selected for deletion.

If specified, this property will restrict token deletion to tokens that have the specified Product Code.

To execute the task click the button.