diff --git a/src/authentic2_auth_fedict/views.py b/src/authentic2_auth_fedict/views.py
index b56f228..e93aa59 100644
--- a/src/authentic2_auth_fedict/views.py
+++ b/src/authentic2_auth_fedict/views.py
@@ -14,12 +14,15 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see .
+import urllib.parse
 import random
+from django.conf import settings
 from django.core import signing
 from django.urls import reverse
 from django.db import transaction
 from django.http import HttpResponseRedirect
+from django.shortcuts import resolve_url
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import View
@@ -54,6 +57,16 @@ class LoginView(mellon.views.LoginView):
         idp = mellon.utils.get_idp(attributes['issuer'])
         adapter = mellon.utils.get_adapters(idp)[0]
         user = adapter.lookup_user(idp, attributes)
+
+        # extract nonce from next_url and record an additional authentication
+        # event with it (as the event recorded in the adapter lacks the nonce).
+        next_url = self.get_next_url(default=resolve_url(settings.LOGIN_REDIRECT_URL))
+        try:
+            nonce = urllib.parse.parse_qs(urllib.parse.urlparse(next_url).query)['nonce'][0]
+        except (KeyError, IndexError):
+            nonce = None
+        a2_utils.record_authentication_event(request, 'fedict', nonce=nonce)
+
         if not user.email:
             adapter.provision_attribute(user, idp, attributes)
             user.is_active = False
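Review bot: The nonce handed to `a2_utils.record_authentication_event` is taken verbatim from the query string of `next_url`, which is request-controlled through `get_next_url`, and nothing bounds its length or character set before it is stored on the event; if the event model's nonce field is a bounded column, an oversized value from a crafted `next` parameter could make the insert raise in the middle of login, and the stored value should in any case be treated as untrusted wherever it is later compared or displayed. A cheap guard after the `except` is to discard values that cannot be a legitimate nonce, e.g. `if nonce is not None and len(nonce) > NONCE_MAX_LENGTH:  # placeholder: use the event field's max_length` followed by `    nonce = None`. The `IndexError` in the except clause is unreachable, since `parse_qs` with its default `keep_blank_values=False` never yields an empty value list, so `except KeyError:` states the intent more precisely. The enclosing method of `LoginView` begins and ends outside the hunk.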