Hi Thomas,

As you suggested I tried out in implementing a custom Required Action. It worked fine for normal Browser auth flow, but didn't for the Direct Grant auth flow (doesn't even return tokens when a Required Action is in place). Hence I had to implement the same through a custom Authentication Flow (extra Execution step) and added it to both Browser and Direct Grant flows. Now it seems to be working fine.

Many thanks for your initial suggestion that paved the way to get this done!

Thanks Marek for your suggestion as well - but as per our use case, retrieving data from existing user sessions would not work.

Regards,

Lohitha.

On Fri, May 13, 2016 at 3:14 PM, Lohitha Chiranjeewa <kalc04@gmail.com> wrote:

Thanks for suggestions guys, will try out and see how it works.

Regards,
Lohitha.
On Wed, May 11, 2016 at 12:53 PM, Marek Posolda <mposolda@redhat.com> wrote:
Another possibility is to look at userSession (this info is available in admin console). When user authenticates, the new userSession is created for him with the "started" attribute containing the time of authentication. In admin console (and also via REST endpoints) there is possibility to look at all userSessions of particular user, so you can chose the one with last "started" attribute.

This requires some additional work for parse userSessions and also there is corner case when this info is not accurate (as new userSession is also created when "verify-email" is requested for particular user, which is not the time of successful authentication of particular user).

On the other hand, you don't need the custom Authenticator implementation. And there is also performance penalty in store the info in DB in user attributes, because you need to write to DB and update user during each login.

Marek

On 10/05/16 17:10, Thomas Darimont wrote:
Would be great to store some additional information like:
- count of failed logins

- last failed login date

Cheers,

Thomas

2016-05-10 14:38 GMT+02:00 Thomas Darimont <thomas.darimont@googlemail.com>:

Hello,

I implemented a custom RequiredAction that maintains stuff like:

- first login time

- most recent login time

- login count

in user attributes.

Cheers,

Thomas

2016-05-10 14:35 GMT+02:00 Lohitha Chiranjeewa <kalc04@gmail.com>:

Hi,

Is there a way to retrieve the last login time of a given user?

I checked the Admin Console, Rest specification and the mysql DB structure but couldn't find a place where that bit of information could be stored and retrieved from. Have I missed a place or is that feature not available (yet)?

Regards,

Lohitha.

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user