Yes, steps are as documented but let me summarize it anyway.
1. Ensure that password policy is enabled on the directory and authentication schme. Enable user login tracking in password policy.
Basically unless this done, the LastLogintTime will not be tracked in the password blob.
2. Create HTTP response header and configure it to return above default siteminder header.
3. Ties the respone header with either OnAuthAccept or OnAccessAccept rules.
4. Tie the rule to the policy.
5. Test the return header on the webserver side by dumping all server HTTP headers. It will not be available in Fiddler.