Generating a passcode does not update 'Last Activity' field in admin page?

classic Classic list List threaded Threaded
12 messages Options
tb
Reply | Threaded
Open this post in threaded view
|

Generating a passcode does not update 'Last Activity' field in admin page?

tb
Hi,
I have a script running in cron that calls the <type>14</type> API transaction to get user info. The info that comes back contains a timestamp item named <lastActivity>2016-03-03</lastActivity>. I'd like to automatically disable tokens which haven't had any activity for the past XX days, however this timestamp does not seem to get updated simply by generating a passcode.

Is there another field or transaction I can use to find out if the user has used their token "in the past xx days" ?

Would it work to check for that passcode activity myself (in the log4j log for instance) and update the last_activity postgres field in the wikid database from a shell script?

Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

Nick Owen
Administrator
What version of WiKID are you using?

On Thu, Aug 11, 2016 at 10:11 AM, tb [via WiKID Strong Authentication
Forums] <[hidden email]> wrote:

> Hi,
> I have a script running in cron that calls the <type>14</type> API
> transaction to get user info. The info that comes back contains a timestamp
> item named <lastActivity>2016-03-03</lastActivity>. I'd like to
> automatically disable tokens which haven't had any activity for the past XX
> days, however this timestamp does not seem to get updated simply by
> generating a passcode.
>
> Is there another field or transaction I can use to find out if the user has
> used their token "in the past xx days" ?
>
> Would it work to check for that passcode activity myself (in the log4j log
> for instance) and update the last_activity postgres field in the wikid
> database from a shell script?
>
> Thanks
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Generating-a-passcode-does-not-update-Last-Activity-field-in-admin-page-tp7575269.html
> To start a new topic under Support, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
On-premises Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
tb
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

tb
Hi, I'm using wikid-server-enterprise-4.0.1-b1905 .  

Poking around in psql, I think I found the table and field to alter:
wikid=# select deviceid,creation,init_expire,last_activity from full_devices where deviceid = <a_real_device_id_number>;

 Would it be safe to simply update the last_activity field when I detect a passcode gen from the given device? I don't see any other timestamps in that database table :/

PS: perhaps adding a database trigger would work best?  Not sure how or where to add that though.
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

Nick Owen
Administrator
The date returned is based on the user activity, not the token
activity.  so, instead of just requesting a passcode, the attempt to
use it.

We can add token activity to the API too, but do you want that or the
user activity?



On Thu, Aug 11, 2016 at 10:45 AM, tb [via WiKID Strong Authentication
Forums] <[hidden email]> wrote:

> Hi, I'm using wikid-server-enterprise-4.0.1-b1905 .
>
> Poking around in psql, I think I found the table and field to alter:
> wikid=# select deviceid,creation,init_expire,last_activity from full_devices
> where deviceid = <a_real_device_id_number>;
>
>  Would it be safe to simply update the last_activity field when I detect a
> passcode gen from the given device? I don't see any other timestamps in that
> database table :/
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Generating-a-passcode-does-not-update-Last-Activity-field-in-admin-page-tp7575269p7575271.html
> To start a new topic under Support, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
On-premises Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
tb
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

tb
Hi,
Having Token activity timestamp available from the API  would be most useful for me.  This way, when a user's token is nearing an automatic "disable date", I can send an email to notify them and they can simply generate an OTP to reset that timestamp to the current date/time.  This would allow them to keep their token active without having to also open an application to generate a login.
tb
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

tb
In reply to this post by Nick Owen
I think I've got a db procedure/trigger that would work for updating full_devices.last_activity whenever a user generates an OTP. Not sure I'd want to implement it in production though without knowing the full impact on the system overall. Any thoughts?


CREATE or REPLACE FUNCTION update_last_activity() RETURNS trigger AS $$
    BEGIN
        -- update the last_activity field in full_devices with current time where deviceid matches
        -- view this code with: \df+ update_last_activity

        UPDATE full_devices SET last_activity=NOW() WHERE deviceid=(SELECT full_devicemap.deviceid FROM full_devicemap WHERE full_devicemap.id_devicemap=NEW.id_devicemap);
    RETURN NEW;  
END; $$ LANGUAGE 'plpgsql';

CREATE TRIGGER lact_stamp BEFORE INSERT on curr_codes FOR EACH ROW EXECUTE PROCEDURE update_last_activity();

Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

Nick Owen
Administrator
ok - this rpm now has the token activity timestamp returned.

https://downloads.wikidsystems.com/wikid-server-enterprise-4.2.0.b1980-1.noarch.rpm

Let me know how it goes!

Nick

On Thu, Aug 11, 2016 at 5:07 PM, tb [via WiKID Strong Authentication
Forums] <[hidden email]> wrote:

> I think I've got a db procedure/trigger that would work for updating
> full_devices.last_activity whenever a user generates an OTP. Not sure I'd
> want to implement it in production though without knowing the full impact on
> the system overall. Any thoughts?
>
>
> CREATE or REPLACE FUNCTION update_last_activity() RETURNS trigger AS $$
>     BEGIN
>         -- update the last_activity field in full_devices with current time
> where deviceid matches
>         -- view this code with: \df+ update_last_activity
>
>         update full_devices set last_activity=now() where deviceid=(select
> full_devicemap.deviceid from full_devicemap where
> full_devicemap.id_devicemap=NEW.id_devicemap);
>     RETURN new;
> END; $$ LANGUAGE 'plpgsql';
>
> CREATE TRIGGER lact_stamp BEFORE INSERT on curr_codes FOR EACH ROW EXECUTE
> PROCEDURE update_last_activity();
>
>
>
> ________________________________
> If you reply to this email, your message will be added to the discussion
> below:
> http://wikid-strong-authentication-forums.1491522.n2.nabble.com/Generating-a-passcode-does-not-update-Last-Activity-field-in-admin-page-tp7575269p7575274.html
> To start a new topic under Support, email
> [hidden email]
> To unsubscribe from WiKID Strong Authentication Forums, click here.
> NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
On-premises Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP
tb
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

tb
Looks good. Converted the RPM to a DEB with Alien and installed on Ubuntu via dpkg (hope that works OK.. seems to). I adjusted my process to look at the new "<last_activity>1456898400000</last_activity>" XML tag instead. Things appear to working well so far.  Thanks!
tb
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

tb
Noticed something  a bit odd this morning. last_activity for one token is being reported as 1463720400000 which, according to this epoch converter (http://www.unixtimestamp.com/index.php), is 05/20/2016 which is actually the initialize date. NOTE: remove last 3 zeros when pasting into converter. I believe those are UTC offset or something.

xml dump of token

In the WiKID control panel however, the last_activity is show as Aug, 1 2016 which is correct.

wikid control panel

Seems like something is out-of-whack here. Any ideas how to fix it? I think the rest of the tokens do report the correct last activity in the corresponding field.
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

Nick Owen
Administrator

That is odd.

Was it registered before the update?  If you delete and register again, does it still happen?


On Aug 23, 2016 9:42 AM, "tb [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
Noticed something  a bit odd this morning. last_activity for one token is being reported as 1463720400000 which, according to this epoch converter (http://www.unixtimestamp.com/index.php), is 05/20/2016 which is actually the initialize date.

xml dump of token

In the WiKID control panel however, the last_activity is show as Aug, 1 2016 which is correct.

wikid control panel

Seems like something is out-of-whack here. Any ideas how to fix it? I think the rest of the tokens do report the correct last activity in the corresponding field.


To start a new topic under Support, email [hidden email]
To unsubscribe from WiKID Strong Authentication Forums, click here.
NAML
tb
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

tb
Yes, this token was created on 5/20/16 so it was prior to the update. All other tokens were created prior to the update as well and seem to be tracking correctly so not sure what is different about the "...418" token.  I'm not sure the user ever logged in using an actual OTP, would that do it?  

I can contact the user to have them re-register, but kind of wondering if this is a random one-off, or indicative of something that may affect other tokens.
Reply | Threaded
Open this post in threaded view
|

Re: Generating a passcode does not update 'Last Activity' field in admin page?

Nick Owen
Administrator

Hmm. Maybe. Are they registered?


On Aug 23, 2016 11:40 AM, "tb [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
Yes, this token was created on 5/20/16 so it was prior to the update. All other tokens were created prior to the update as well and seem to be tracking correctly so not sure what is different about the "...418" token.  I'm not sure the user ever logged in using an actual OTP, would that do it?


To start a new topic under Support, email [hidden email]
To unsubscribe from WiKID Strong Authentication Forums, click here.
NAML