17.16 Orphaned Identity Objects

When a persistent federation is configured, or a transient federation with user mapping is configured, by using Liberty, SAML 1, or SAML 2.0, the federation objects are created in the configuration store. When you delete or disable a user object, the objects in the configuration datastore related to that specific user become orphaned. These orphaned user profile objects affect user lookup operations and system performance. These objects have to be removed manually by using the Defed Tool: Federation Entry Management.

This tool clears all the orphaned federation objects related to Liberty, SAML 1, and SAML 2 from the trust and configuration datastore, except for Shared Secret entries.

NOTE: When the Access Manager setup includes Access Gateway and no persistent or transient federations have been configured, these objects are not created.

Linux:

  1. Change the current working directory to /opt/novell/devman/nam_tools/ from a terminal.

  2. Run this command:

    /opt/novell/java/bin/java -classpath .:./lib/nam_tool.jar:./lib/nidp.jar:./lib/NAMCommon.jar:./lib/bcprov-jdk15-140.jar -Djava.util.logging.config.file=./conf/logging.properties com.novell.nam.tools.defed.DefedTool

  3. The Defed tool asks whether to delete the orphaned objects or exit from the tool. Select the option to delete the orphaned objects. The tool then asks you to provide the IP address, port, user DN, and password.

  4. The Defed tool deletes the orphaned federation objects and gives a summary of the total number of federation entries encountered and the number of federation objects deleted.

    This tool can also be used to perform the operation on a remote server.
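The following wrapper is an added example, not part of the Access Manager documentation or the product's own tooling. It wraps the Linux invocation above in a preflight check: before starting the interactive Defed Tool it verifies that every jar on the documented classpath and the logging configuration file exist under the tools directory, so a missing file is reported plainly instead of surfacing as a class-loading error from the JVM. The paths and jar names are the ones in the documented command; the NAM_TOOLS_DIR and NAM_JAVA variables, the function names, and the script file name defed_preflight.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Access Manager documentation): preflight wrapper
# around the Linux Defed Tool command. Paths default to the documented install
# locations; NAM_TOOLS_DIR and NAM_JAVA are assumed names for overriding them.

NAM_TOOLS_DIR="${NAM_TOOLS_DIR:-/opt/novell/devman/nam_tools}"
NAM_JAVA="${NAM_JAVA:-/opt/novell/java/bin/java}"

# Jars the documented command places on the classpath, relative to the tools dir.
DEFED_JARS="lib/nam_tool.jar lib/nidp.jar lib/NAMCommon.jar lib/bcprov-jdk15-140.jar"

# build_classpath: prints the classpath string used by the documented command
# (current directory first, then each jar, colon separated).
build_classpath() {
    classpath="."
    for jar in $DEFED_JARS; do
        classpath="$classpath:./$jar"
    done
    printf '%s\n' "$classpath"
}

# check_tool_files DIR: returns 0 when every jar and conf/logging.properties
# exist under DIR; otherwise reports each missing file on stderr and returns 1.
check_tool_files() {
    dir="$1"
    missing=0
    for f in $DEFED_JARS conf/logging.properties; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f" >&2
            missing=1
        fi
    done
    return $missing
}

# run_defed_tool: runs the preflight, changes into the tools directory (the
# documented command uses paths relative to it) and starts the interactive tool,
# which then prompts for the IP address, port, user DN, and password.
run_defed_tool() {
    check_tool_files "$NAM_TOOLS_DIR" || return 1
    cd "$NAM_TOOLS_DIR" || return 1
    "$NAM_JAVA" -classpath "$(build_classpath)" \
        -Djava.util.logging.config.file=./conf/logging.properties \
        com.novell.nam.tools.defed.DefedTool
}

# Start the tool only when this file is executed directly as defed_preflight.sh,
# not when it is sourced to reuse the functions above.
case "$0" in
    */defed_preflight.sh|defed_preflight.sh) run_defed_tool ;;
esac
```

Save the script as defed_preflight.sh, make it executable, and run it as a user that can read the tools directory; the Defed Tool itself still asks for the datastore credentials interactively, exactly as in step 3 above.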

Windows:

  1. Go to the C:\Program Files (x86)\Novell\nam_tools folder.

  2. Run this command:

    C:\Program Files (x86)\Novell\nam_tools>java -cp lib/nam_tool.jar;lib/nidp.jar;lib/NAMCommon.jar;lib/bcprov-jdk15-140.jar -Djava.util.logging.config.file=conf\logging.properties com.novell.nam.tools.defed.DefedTool

  3. Provide IP address, port, user DN, and password.

  4. The Defed tool deletes the orphaned federation objects and gives a summary of the total number of federation entries encountered and the number of federation objects deleted.

    This tool can also be used to perform the operation on a remote server.