You might have to do this via LDAP. Check the operational attributes for a sample user. To see the operational attributes, run `ldapsearch` command with the + character for attributes. You must escape the character using a means appropriate to your shell.
$ ldapsearch -h localhost -p 1636 -D "cn=Directory Manager" -Z -X \
-j /tmp/.pw -b "o=gluu" "(uid=foo)" "+"
If the user is not modified during login, you may need to add the last login time in an interception script. Depending which attribute you use, you could then potentially get this info in a SCIM request.