33.3.16 Orphaned Identity Objects

When a transient federation with user mapping or a persistent federation is configured by using Liberty, SAML 1.1, or SAML 2.0, the federation objects are created in the configuration store. When you delete or disable a user object, the objects in the configuration datastore related to this specific user become orphaned. These orphaned user profile objects affect user lookup operations and system performance. You can remove these objects manually by using the Defed Tool: Federation Entry Management.

This tool clears all orphaned federation objects related to Liberty, SAML 1.1, and SAML 2.0 from the trust and configuration datastore, except for Shared Secret entries.

When the Access Manager setup includes Access Gateway and no persistent or transient federations have been configured, these objects are not created.

  1. Change the current working directory to /opt/novell/devman/nam_tools/ from a terminal.

  2. Run the following command:

    /opt/novell/java/bin/java -classpath .:./lib/nam_tool.jar:./lib/nidp.jar:./lib/NAMCommon.jar:./lib/bcprov-jdk15on-157.jar:./lib/jcce-1.1.2.jar -Djava.util.logging.config.file=./conf/logging.properties com.novell.nam.tools.defed.DefedTool

  3. Select the option to delete orphan objects. The tool prompts you to provide the IP address of the configuration datastore, the port, the user DN, and the password.

    The tool deletes all orphaned federation objects and displays a summary of the total number of federation entries encountered and the number of federation objects deleted.

    You can use this tool on a remote server also.
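The following is an added example, not part of the original documentation and not the Defed Tool's own code. It models the reconciliation the tool performs: federation entries that reference a deleted or disabled user are orphans, Shared Secret entries are excluded, and the result is reported as entries encountered versus deleted. The record layout (users identified by DN, federation entries carrying a `user_dn` reference and a `protocol` label) and the function names `find_orphans` and `cleanup` are constructed stand-ins, not the Access Manager configuration datastore schema.

```python
"""Simplified model of orphaned federation object cleanup.

Constructed illustration: the record layout is a stand-in, not the
NetIQ Access Manager configuration datastore schema, and the function
names are hypothetical.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FederationEntry:
    dn: str        # the entry's own DN in the configuration datastore
    protocol: str  # "liberty", "saml1.1", "saml2.0", or "shared-secret"
    user_dn: str   # DN of the user object this entry was created for


def find_orphans(entries, existing_user_dns, disabled_user_dns=frozenset()):
    """Return entries whose user has been deleted or disabled.

    Shared Secret entries are never reported, mirroring the tool's
    stated exclusion. Running only this step is a useful dry run before
    deleting anything.
    """
    live = set(existing_user_dns) - set(disabled_user_dns)
    return [e for e in entries
            if e.protocol != "shared-secret" and e.user_dn not in live]


def cleanup(entries, existing_user_dns, disabled_user_dns=frozenset()):
    """Drop orphaned entries and return (remaining_entries, summary).

    The summary carries the two figures the tool reports: federation
    entries encountered and federation objects deleted.
    """
    orphans = set(find_orphans(entries, existing_user_dns, disabled_user_dns))
    remaining = [e for e in entries if e not in orphans]
    summary = {"encountered": len(entries), "deleted": len(orphans)}
    return remaining, summary


# Constructed sample data: three users, one of them disabled, and five
# federation entries, two of which point at a deleted or disabled user.
USERS = {"cn=alice,o=example", "cn=bob,o=example", "cn=carol,o=example"}
DISABLED = {"cn=carol,o=example"}
ENTRIES = [
    FederationEntry("cn=fed1,ou=fed,o=cfg", "saml2.0", "cn=alice,o=example"),
    FederationEntry("cn=fed2,ou=fed,o=cfg", "liberty", "cn=bob,o=example"),
    FederationEntry("cn=fed3,ou=fed,o=cfg", "saml1.1", "cn=dave,o=example"),   # dave was deleted
    FederationEntry("cn=fed4,ou=fed,o=cfg", "saml2.0", "cn=carol,o=example"),  # carol is disabled
    FederationEntry("cn=fed5,ou=fed,o=cfg", "shared-secret", "cn=dave,o=example"),  # excluded
]

if __name__ == "__main__":
    kept, summary = cleanup(ENTRIES, USERS, DISABLED)
    print(f"encountered={summary['encountered']} deleted={summary['deleted']}")
    for entry in kept:
        print("kept", entry.dn, entry.protocol, entry.user_dn)
```

Calling `find_orphans` on its own gives an audit view of how many entries would be removed without touching the store, which is the check worth doing before running the deletion option against a production configuration datastore.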