Last successful login from rest API

This topic contains 6 replies, has 6 voices, and was last updated by  jjung2 10 months ago.

  • Author
  • #6270

    There is a way to get last successful login from rest API?
    That interface is not retrieving that information “openam/json/users/userId”.



    Well, if you are using OpenDJ as your Data Store and your source of authentication then you can enable via Password Policy a last-login-time-attribute and a last-login-time-format setting. Then you can request your defined last-login-time-attribute via your “openam/json/users/userId” call. Those values are not defined by default in the OpenDJ Default Password Policy as shown here:

    >>>> Configure the properties of the Password Policy
             Property                                   Value(s)
        1)   account-status-notification-handler        -
        2)   allow-expired-password-changes             false
        3)   allow-user-password-changes                true
        4)   default-password-storage-scheme            Salted SHA-1
        5)   deprecated-password-storage-scheme         -
        6)   expire-passwords-without-warning           false
        7)   force-change-on-add                        false
        8)   force-change-on-reset                      false
        9)   grace-login-count                          0
        10)  idle-lockout-interval                      0 s
        11)  last-login-time-attribute                  -
        12)  last-login-time-format                     -
        13)  lockout-duration                           0 s
        14)  lockout-failure-count                      0
        15)  lockout-failure-expiration-interval        0 s
        16)  max-password-age                           0 s
        17)  max-password-reset-age                     0 s
        18)  min-password-age                           0 s
        19)  password-attribute                         userpassword
        20)  password-change-requires-current-password  false
        21)  password-expiration-warning-interval       5 d
        22)  password-generator                         Random Password Generator
        23)  password-history-count                     0
        24)  password-history-duration                  0 s
        25)  password-validator                         -
        26)  previous-last-login-time-format            -
        27)  require-change-by-time                     -
        28)  require-secure-authentication              false
        29)  require-secure-password-changes            false
        ?)   help
        f)   finish - apply any changes to the Password Policy
        c)   cancel
        q)   quit

    In theory I would think this would work for you.

     Scott Heger 

    Meant to send the above from this account. :)


    I does not work. “openam/json/users/userId” does not return last login time.

     Peter Major 

    You should make sure that your Data Store configuration was updated to work with the attribute. Keep in mind that OpenAM will most likely cache operational attributes for a long while, so you should make sure that you test whether the value gets updated correctly.


    Hei Peter,

    thank you for your post. could please give some link or more info about cache-issue of operational attributes.


    Hello – I was referred here by Support so I would like to ask – if using a certificate module, would we still get getting the lastLoginTime value updated? Or would this work only with U/P logins? I ask since it seems to be tied with the password policy setting, which I’m unsure is in the path for certificate based logins.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?