This topic contains 2 replies, has 3 voices, and was last updated by  Andy Cory 3 months ago.

  • Author
    Posts
  • #25774
     japearson 
    Participant

    Hi,

    I was wondering if there is a way for DS to store the 2nd last login time?

    I’ve seen the guide for “track last login in time”: https://backstage.forgerock.com/docs/ds/6.5/admin-guide/#example-track-last-login

    But I want to be able to have the 2nd last login time, ie so when a user logs into an Application they can be shown that they “last logged in 2 days ago”. Because if I use the lastLoginTime attribute then I am presuming that as soon as authentication has taken place it will be updated, which means that the application will just show something like “last logged in now”.

    Previously, I’ve seen an OpenAM authentication module that takes a copy of the lastLoginTime and puts it into another ldap attribute just before authentication takes place. But that is a bit annoying, so I’m hoping there is a nicer way.

    Otherwise, I suppose I could read the lastLoginTime into the OpenAM session before authentication happens or something like that.

    What have other people done for this situation?

    #25775
     Ludo 
    Moderator

    Hi,
    There is no feature in DS to keep the 2nd last login time out of the box. I guess this could be implemented as a pre-bind operation plugin.
    There has been a single request for such feature and therefore it has never been really high on our priority list.
    As you said, there are alternate ways to do this in Access Management as well.

    #25828
     Andy Cory 
    Participant

    > What have other people done for this situation?

    Used Access Management, in our case, but rather than do this in an authentication module we had a dedicated post-authentication plug-in. The job of that plug-in was to do basically what you outline, save a timestamp to a custom lastLoginTime attribute in DS and copy the value currently in that attribute (if any) to a previousLastLoginTime attribute. Exposing those two attributes in the AM datastore definition then allows apps to query previousLastLoginTime to display the ‘Hello Fred, you last logged in at xxx’ message instead of the not very useful last logged in 2 seconds ago. (We could have used the built-in lastLoginTime attribute for the first of these, but used a custom attribute to isolate our functionality from DS’s existing functionality.)

    -Andy

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?