Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Get user login detail from custom login page

Avatar

Level 4

Dear community,

I would like to collect user's login detail from my custom login page whether the login action is successful or not.

The scenario would be: when the existing user log in AEM, the system write the timestamp into a user property for admins to check. When the user log in with wrong password, the timestamp should be recorded on another property under the user, then the Sign In buttom could be set disabled for, say, 15mins. 

Any comments are welcome!

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @YuSheng ,

 

1. If you are using custom login code as well, then you can simply get the user details from Session Object. And then create nodes based on it.

https://developer.adobe.com/experience-manager/reference-materials/spec/javax.jcr/javadocs/jcr-1.0/j... 

2. If you are using a SAML2.0 sign in , you will also get a success token and a failure token, based on this, you can perform the actions above.

Ref: https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/saml-2-0-authen... 

View solution in original post

3 Replies

Avatar

Correct answer by
Community Advisor

Hi @YuSheng ,

 

1. If you are using custom login code as well, then you can simply get the user details from Session Object. And then create nodes based on it.

https://developer.adobe.com/experience-manager/reference-materials/spec/javax.jcr/javadocs/jcr-1.0/j... 

2. If you are using a SAML2.0 sign in , you will also get a success token and a failure token, based on this, you can perform the actions above.

Ref: https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/saml-2-0-authen... 

Avatar

Level 4

Hi @Anmol_Bhardwaj, thank you for the reply,

Would go for building a class (which import session) under core and trigger it in custom login.jsp. (I suppose this is what you talked about)

 

As to failure token you mentioned, Is using SAML2.0 sign in the only way to get failure token?

 

Avatar

Level 4

Now I succesfully record the last login time.

The way I did is to locate " Redirects after successful login or password change. " in login.js under clientlib, since the user is authenticated before this step, then I call the servlet to write the login time in property.

 

It seems a bit awkward but it works...

Keep working on capturing failure login detail! 

 

Snippet:

@Override
	protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws IOException {
		ResourceResolver resolver = request.getResourceResolver();
		session = resolver.adaptTo(Session.class);
		String userId = session.getUserID();

		try {
			UserManager userManager = ((JackrabbitSession) session).getUserManager();
			Authorizable user = userManager.getAuthorizable(userId);

			SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSXXX");
			user.setProperty("profile/lastLoginTimestamp",
					session.getValueFactory().createValue(sdf.format(new Date())));

			session.save();
			session.logout();
			
		} catch (Exception e) {
			log.error("Error in getting user detail" + e.getMessage());
		}
	}