Tracking User Sign-In Attempts

This topic discusses how to:

  • Enable user sign-in attempt tracking.

  • View results in the PSPTLOGINAUDIT table.

Understanding Tracking User Sign-In Attempts

For every sign on attempt to the PeopleSoft Pure Internet Architecture (PIA) the following information can be logged:

  • Information about the last successful login, including timestamp and authentication type.

  • Information about the last failed attempt, including timestamp, failed logic count and authentication type.

The information is logged in and can be queried from the PSPTLOGINAUDIT table.

Understanding Abandoned Sessions and the PSPTLOGINAUDIT Table

The information captured in the PSPTLOGINAUDIT table does not account for abandoned PIA sessions.

An abandoned session can occur when:

  • A user’s PIA session times out.

  • A user puts a new URL in the current PIA page and navigates to another web site.

If a user does not sign out of the system properly, he or she appears as still signed into the system.

Enabling User Sign-In Attempt Tracking

To track user sign-in attempts:

  1. Access the application server configuration file.

  2. Locate the Security section.

  3. Set the Enable Login Audit option equal to one of the following values:

    • Y. (Default.) Enable login audits.

    • N. Disable login audits.

  4. Save the file.

You do not need to reboot the application server when you define or change this parameter.

Viewing Results in the PSPTLOGINAUDIT Table

When the Enable Login Audit parameter is enabled, the following information is stored in the PSPTLOGINAUDIT table:

Please note the following:

  • The system captures only information about sign-in attempts by operator IDs in the PSOPRDEFN table.

  • The table does not record application server or process scheduler boot activity.

  • The table does not capture two-tier sign on.

  • The table records the first application server connection from the web server.

Field or Control

Description

PT_AUTH_TYPE

Displays the type of authentication used during the sign-in attempt. The valid values are:

  • 0. Authentication token.

  • 1. Database authentication.

  • 2. Signon PeopleCode authentication.

OPRID

The user profile ID from the PSOPRDEFN table of the person who attempted to sign into the system.

PTSIGNONID

User ID used when the sign-in attempt was made.

This may be different than the OPRID when LDAP user authentication or user ID aliases are in use.

PT_SIGNON_STATUS

Displays the status of the login attempt for a user. The valid values are:

  • 0. Success.

  • 1. Failure.

FAILEDLOGINS

Number of failed logins since the last successful login attempt.

Note the following:

  • The value reflects the value recorded in PSOPRDEFN.FAILEDLOGINS.

  • The value will always be 0 (zero) on both successful and unsuccessful attempts, once a successful login occurs.

  • A non-zero value reflects that the most recent login attempt was a failure and the number of consecutive failures that occurred.

LASTSIGNONDTTM

Time at which the last sign on occurred.