This topic has 2 replies, 3 voices, and was last updated 2 years, 5 months ago by Andy Cory.

  • Author
  • #25774


    I was wondering if there is a way for DS to store the 2nd last login time?

    I’ve seen the guide for “track last login in time”:

    But I want to be able to have the 2nd last login time, ie so when a user logs into an Application they can be shown that they “last logged in 2 days ago”. Because if I use the lastLoginTime attribute then I am presuming that as soon as authentication has taken place it will be updated, which means that the application will just show something like “last logged in now”.

    Previously, I’ve seen an OpenAM authentication module that takes a copy of the lastLoginTime and puts it into another ldap attribute just before authentication takes place. But that is a bit annoying, so I’m hoping there is a nicer way.

    Otherwise, I suppose I could read the lastLoginTime into the OpenAM session before authentication happens or something like that.

    What have other people done for this situation?


    There is no feature in DS to keep the 2nd last login time out of the box. I guess this could be implemented as a pre-bind operation plugin.
    There has been a single request for such feature and therefore it has never been really high on our priority list.
    As you said, there are alternate ways to do this in Access Management as well.

     Andy Cory

    > What have other people done for this situation?

    Used Access Management, in our case, but rather than do this in an authentication module we had a dedicated post-authentication plug-in. The job of that plug-in was to do basically what you outline, save a timestamp to a custom lastLoginTime attribute in DS and copy the value currently in that attribute (if any) to a previousLastLoginTime attribute. Exposing those two attributes in the AM datastore definition then allows apps to query previousLastLoginTime to display the ‘Hello Fred, you last logged in at xxx’ message instead of the not very useful last logged in 2 seconds ago. (We could have used the built-in lastLoginTime attribute for the first of these, but used a custom attribute to isolate our functionality from DS’s existing functionality.)


Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?