May 10, 2019 at 1:09 pm #25774japearsonParticipant
I was wondering if there is a way for DS to store the 2nd last login time?
I’ve seen the guide for “track last login in time”: https://backstage.forgerock.com/docs/ds/6.5/admin-guide/#example-track-last-login
But I want to be able to have the 2nd last login time, ie so when a user logs into an Application they can be shown that they “last logged in 2 days ago”. Because if I use the lastLoginTime attribute then I am presuming that as soon as authentication has taken place it will be updated, which means that the application will just show something like “last logged in now”.
Previously, I’ve seen an OpenAM authentication module that takes a copy of the lastLoginTime and puts it into another ldap attribute just before authentication takes place. But that is a bit annoying, so I’m hoping there is a nicer way.
Otherwise, I suppose I could read the lastLoginTime into the OpenAM session before authentication happens or something like that.
What have other people done for this situation?May 10, 2019 at 2:29 pm #25775LudoModerator
There is no feature in DS to keep the 2nd last login time out of the box. I guess this could be implemented as a pre-bind operation plugin.
There has been a single request for such feature and therefore it has never been really high on our priority list.
As you said, there are alternate ways to do this in Access Management as well.May 20, 2019 at 11:00 am #25828Andy CoryParticipant
> What have other people done for this situation?
Used Access Management, in our case, but rather than do this in an authentication module we had a dedicated post-authentication plug-in. The job of that plug-in was to do basically what you outline, save a timestamp to a custom
lastLoginTimeattribute in DS and copy the value currently in that attribute (if any) to a
previousLastLoginTimeattribute. Exposing those two attributes in the AM datastore definition then allows apps to query
previousLastLoginTimeto display the ‘Hello Fred, you last logged in at xxx’ message instead of the not very useful
last logged in 2 seconds ago. (We could have used the built-in
lastLoginTimeattribute for the first of these, but used a custom attribute to isolate our functionality from DS’s existing functionality.)
You must be logged in to reply to this topic.