Symantec Access Management

 View Only

Tech Tip : CA Single Sign-On : LastLogin

  • 1.  Tech Tip : CA Single Sign-On : LastLogin

    Broadcom Employee
    Posted Nov 27, 2018 09:26 AM


    We're running a Policy Server and we'd like to track the user who
    haven't logged in for more than x days. We've followed the instruction
    given in that community in order to rely on the SM_USERLASTLOGINTIME
    to determine if the user hasn't logged in for x days.


    But this value reports some data like "1512029788" (11/30/2017 @ 8:16am
    (UTC)) or 0 (we're in 2018), which doesn't make sense.


    How can I fix that ?




    To get a consistent value :


    - Set the response attribute to be recalculate every 1 second and not to be


    - To avoid confusion, use another variable name to pass the value;

    To illustrate :


    - Configure it as User Attribute for Response :


    Attribute Setup

    User Attribute

    Variable Name : LOGINTIME

    HTTP Variable Name : HTTP_LOGINTIME



    and avoid to cache the value.


    Recalculate value every
    seconds : 1


    Then in the Policy, attach this response to a "OnAuthAccept" rule.


    KB : KB000121558