[keycloak-user] Last Login Time of User

Lohitha Chiranjeewa kalc04 at gmail.com
Thu May 19 15:10:12 EDT 2016


Hi Thomas,

As you suggested I tried out in implementing a custom Required Action. It
worked fine for normal Browser auth flow, but didn't for the Direct Grant
auth flow (doesn't even return tokens when a Required Action is in place).
Hence I had to implement the same through a custom Authentication Flow
(extra Execution step) and added it to both Browser and Direct Grant flows.
Now it seems to be working fine.

Many thanks for your initial suggestion that paved the way to get this done!

Thanks Marek for your suggestion as well - but as per our use case,
retrieving data from existing user sessions would not work.


Regards,
Lohitha.



On Fri, May 13, 2016 at 3:14 PM, Lohitha Chiranjeewa <kalc04 at gmail.com>
wrote:

> Thanks for suggestions guys, will try out and see how it works.
>
> Regards,
> Lohitha.
>
> On Wed, May 11, 2016 at 12:53 PM, Marek Posolda <mposolda at redhat.com>
> wrote:
>
>> Another possibility is to look at userSession (this info is available in
>> admin console). When user authenticates, the new userSession is created for
>> him with the "started" attribute containing the time of authentication. In
>> admin console (and also via REST endpoints) there is possibility to look at
>> all userSessions of particular user, so you can chose the one with last
>> "started" attribute.
>>
>> This requires some additional work for parse userSessions and also there
>> is corner case when this info is not accurate (as new userSession is also
>> created when "verify-email" is requested for particular user, which is not
>> the time of successful authentication of particular user).
>>
>> On the other hand, you don't need the custom Authenticator
>> implementation. And there is also performance penalty in store the info in
>> DB in user attributes, because you need to write to DB and update user
>> during each login.
>>
>> Marek
>>
>>
>>
>> On 10/05/16 17:10, Thomas Darimont wrote:
>>
>> Would be great to store some additional information like:
>> - count of failed logins
>> - last failed login date
>>
>> Cheers,
>> Thomas
>>
>> 2016-05-10 14:38 GMT+02:00 Thomas Darimont <
>> thomas.darimont at googlemail.com>:
>>
>>> Hello,
>>>
>>> I implemented a custom RequiredAction that maintains stuff like:
>>> - first login time
>>> - most recent login time
>>> - login count
>>> in user attributes.
>>>
>>> Cheers,
>>> Thomas
>>>
>>> 2016-05-10 14:35 GMT+02:00 Lohitha Chiranjeewa < <kalc04 at gmail.com>
>>> kalc04 at gmail.com>:
>>>
>>>> Hi,
>>>>
>>>> Is there a way to retrieve the last login time of a given user?
>>>>
>>>> I checked the Admin Console, Rest specification and the mysql DB
>>>> structure but couldn't find a place where that bit of information could be
>>>> stored and retrieved from. Have I missed a place or is that feature not
>>>> available (yet)?
>>>>
>>>>
>>>> Regards,
>>>> Lohitha.
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160520/4cf45561/attachment-0001.html 


More information about the keycloak-user mailing list