how to reset or remove user token #28

dni-coder · 2024-07-18T14:38:20Z

Hello,

when a user is deactivated via sso, the user token is still valid.
How is it possible to reset or remove this user token to be invalid?!

Regards
David

a-langer · 2024-07-18T15:26:27Z

You need to deactivate the user not only in the identity provider, but also in the Nexus app itself. This is the logic of revoking rights when authorizing through third-party identity providers, see https://help.sonatype.com/en/saml.html#revoking-user-access:

Note that SAML does not allow notification of downstream systems when a user in the identity provider is deactivated. However, as soon as a user is deactivated in the identity provider, they will not be able to log into Sonatype Nexus Repository using SAML.

If these users have user tokens, those will remain present in Sonatype Nexus Repository.

The user's status when authorizing using tokens is checked by an SQL query in shiro.ini#L76

a-langer added documentation Improvements or additions to documentation tokens User Auth Tokens labels Jul 18, 2024

a-langer closed this as completed Aug 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

how to reset or remove user token #28

how to reset or remove user token #28

dni-coder commented Jul 18, 2024

a-langer commented Jul 18, 2024 •

edited

Loading

how to reset or remove user token #28

how to reset or remove user token #28

Comments

dni-coder commented Jul 18, 2024

a-langer commented Jul 18, 2024 • edited Loading

a-langer commented Jul 18, 2024 •

edited

Loading