Friday, September 11, 2020

Adobe Experience Manager: Reporting on User’s Last Login Date

 In this tutorial let us see the details on how to build a custom user report in AEM to get the user profile data along with last login details.

AEM won’t provide any OOTB feature to track the last login details of the users — timestamp of the user’s login.

Sometimes we may have the requirement to report the last login timestamp of the users for auditing purposes e.g identify the users who are not login to the system for the last 1 month, identify the inactive users, etc

This can be achieved by enabling a Custom AuthenticationInfoPostProcessor to capture the last login timestamp and building a custom ACS AEM Commons report to fetch the required user profile data along with the last login timestamp.

As a first step define a custom AuthenticationInfoPostProcessor component to update the last login timestamp to the user profile.

AuthenticationInfoPostProcessor

AuthenticationInfoPostProcessor allows bundles to modify the AuthenticationInfo object after authentication has been performed.

AuthenticationHandler#extractCredentials invokes AuthenticationInfoPostProcessor#postProcess with AuthenticationInfo on successful authentication. The “postProcess” can modify the AuthenticationInfo or perform other operations based on the requirement in our case updating the user profile with login timestamp.

Let us enable a custom AuthenticationInfoPostProcessor that will update the user profile with the last login timestamp.


Enable a service user with the name “custom-user-manager” and provide the jcr:read/jcr:write access to /home/users also enable the user service mapping

Image for post
Image for post

Now the user profile will be updated with the login timestamp on every login to the custom property “lastloggedin”.

Image for post

Let us now build a custom ACS AEM Commons report to fetch the basic user data

Tools →ACS AEM Commons →Reports

Add a new Report with the name “user-report” (I am generating this in AEM as Cloud Author instance with the latest — 4.8.0 ACS AEM Commons package)

Image for post

Edit the report and add the “JCR Query Report configuration” component in the Configuration section.

Query — this excludes the system-specific users, modify the query based on your requirement to fetch the report for different scenarios.

SELECT * FROM [rep:User] AS user WHERE ISDESCENDANTNODE([/home/users]) AND NOT ISDESCENDANTNODE([/home/users/system/cq:services/internal]) AND NOT ISDESCENDANTNODE([/home/users/system/acs-commons]) AND NOT ISDESCENDANTNODE([/home/users/system]) AND NOT ISDESCENDANTNODE([/home/users/system/translation])

Query Language — JCR SQL2

Page Size -50

Image for post

Now configure the required fields including “lastloggedin” under Result Columns with component Type “ACS Commons Report Builder Text Column”

Image for post

Now open the report and click on “Execute Report”, the report can be downloaded as a CSV file if required — the report now includes the last login timestamp of the users.

Image for post

The same report can also be generated through Tools →ACS AEM Commons →User to CSV Exporter, this report includes the additional details like “group names” but includes all the users in the system, the report can be downloaded as a CSV file.

Image for post

Even the query builder can be used to identify the user’s login to the system within a specific time( the parameters can be modified to fetch the data for different scenarios)

p.hits=selective
p.limit=-1
path=/home/users
type=rep:User
1_relativedaterange.property=profile/lastloggedin
1__relativedaterange.lowerBound=-1M
orderby=@profile/lastloggedin
p.properties=profile/lastloggedin profile/givenName profile/familyName profile/email rep:authorizableId

The 1__relativedaterange.lowerBound value can be changed based on your requirement to 1s 2m 3h 4d 5w 1M 1y

http://localhost:4502/bin/querybuilder.json?1_relativedaterange.lowerBound=-1M&1_relativedaterange.property=profile%2flastloggedin&orderby=%40profile%2flastloggedin&p.hits=selective&p.limit=-1&p.properties=profile%2flastloggedin%20profile%2fgivenName%20profile%2ffamilyName%20profile%2femail%20rep%3aauthorizableId&path=%2fhome%2fusers&type=rep%3aUser

This will provide the JSON with user details who log in to the system for the last one month.

{
"success": true,
"results": 2,
"total": 2,
"more": false,
"offset": 0,
"hits": [
{
"rep:authorizableId": "albin",
"profile": {
"lastloggedin": "2020-09-10T22:15:41.807+05:30",
"givenName": "Albin",
"familyName": "Issac",
"email": "[email protected]"
}
},
{
"rep:authorizableId": "admin",
"profile": {
"lastloggedin": "2020-09-11T01:52:56.358+05:30",
"familyName": "Administrator"
}
}
]
}

The Custom AuthenticationInfoPostProcessor can be modified even to add other scenarios e.g capturing the number of times the user login to the system.