Filter tokens which are assigned but whose user is not in the UserIDResolver anymore


#1

Hi there,

Is there any possibility to filter all tokens which are assigned, but whose assigned user cannot be found in the given resolver anymore (without using usercache)?
I want to clean up the token database, so that orphaned tokens of users who do not belong to the vpn-ad-group anymore can be deleted.
The GET /token API does not allow the needed filters.

Kind regards

Axel


#2

Hi Axel,

You can use the privacyidea-token-janitor tool for this task:
$ privacyidea-token-janitor find --orphaned 1
It also allows deleting the found tokens with --action delete.

Regards
Paul


#3

Hello Paul,

Just tested this tool and it is awesome.
That was one main issue with the former LinOTP-Software, which resulted in various orphaned tokens. Janitor provides the exact solution(s) I needed.

Thank you very much and thumbs up for privacyIDEA and its tools.

Kind regards

Axel