Layer 7 Access Management

Tech Tip : CA Single Sign-On : LastLogin

  • 1.  Tech Tip : CA Single Sign-On : LastLogin

    Posted 11-27-2018 09:26 AM

    Issue:


    We're running a Policy Server and we'd like to track the user who
    haven't logged in for more than x days. We've followed the instruction
    given in that community in order to rely on the SM_USERLASTLOGINTIME
    to determine if the user hasn't logged in for x days.

     

    But this value reports some data like "1512029788" (11/30/2017 @ 8:16am
    (UTC)) or 0 (we're in 2018), which doesn't make sense.

     

    How can I fix that ?

     

    Resolution:

     

    To get a consistent value :

     

    - Set the response attribute to be recalculate every 1 second and not to be
    cached;

     

    - To avoid confusion, use another variable name to pass the value;

    To illustrate :

     

    - Configure it as User Attribute for Response :

     

    Attribute Setup

    User Attribute

    Variable Name : LOGINTIME
    Attribute Name : SM_USERPREVIOUSLOGINTIME

    HTTP Variable Name : HTTP_LOGINTIME

    LOGINTIME=<%userattr="SM_USERPREVIOUSLOGINTIME"%>

     

    and avoid to cache the value.

     

    Recalculate value every
    seconds : 1

     

    Then in the Policy, attach this response to a "OnAuthAccept" rule.

     

    KB : KB000121558