The following sections cover the prerequisites that should be completed in order to publish information relating to the processing carried out by WSO2 Identity Server (WSO2 IS) in the Analytics Dashboard of WSO2 Analytics - IS.
Downloading WSO2 IS Analytics
Follow the instructions below to download the binary distribution of WSO2 IS Analytics.
The binary distribution contains the binary files for both MS Windows, and Linux-based operating systems. You can also download, and build the source code.
- Go to the WSO2 Identity Server previous releases page.
- Select Version 5.3.0.
Enter your email address and click Download as shown below:
Installing WSO2 IS Analytics
Take the following steps to install WSO2 IS Analytics. Because this procedure is identical to installing WSO2 Data Analytics Server (DAS), these steps take you to the DAS documentation for details.
Ensure that you have met the installation prerequisites.
The installation prerequisites for IS - Analytics is the same as that of WSO2 Data Analytics Server. Therefore, for detailed information about the supporting applications you need to install, see Installation Prerequisites in WSO2 DAS documentation.
- Go to the installation instructions relevant to your operating system:
Running WSO2 Analytics - Identity Server
Once WSO2 Analytics - IS is downloaded, you can start its server and access its Management Console.
- In instances where you use Geolocation-based statistics, you need to set this up before startup. For more information, see Using Geolocation Based Statistics.
- For detailed instructions to run a WSO2 product, see Running the Product.
- For detailed instructions to run WSO2 IS Analytics in a clustered setup, see WSO2 Products Clustering and Deployment Guide - Clustering Data Analytics Server.
Running WSO2 Identity Server
The WSO2 Identity Server should run simultaneously with the WSO2 Analytics - IS server. For detailed instructions to run a WSO2 product, see Running the Product.
Open the Management Consoles of the two WSO2 products in two separate browsers to avoid signing off from one Management Console when you sign into the other.
Enabling analytics for Identity Server
To enable publishing statistics for WSO2 Identity Server in WSO2 Analytics - IS, the following listeners should be enabled in the
|Purpose||This is the common event listener for all the types of Analytics supported for WSO2 IS. This listener captures all the statistics sent to WSO2 IS Analytics as events, and redirects them to the relevant listener based on their type. Therefore, this listener is required to enable both session analytics and login analytics.|
|Purpose||This listener should be enabled if you want to analyze statistics relating to logins attempted via WSO2 IS. For more information about this type of analytics, see Analyzing Statistics for Local Login Attempts.|
|Purpose||This listener should be enabled if you want to analyze statistics for specific sessions in WSO2 IS Analytics. A session is a time duration between a successful login and and the subsequent log out by a specific user. For more informations about this type of Analytics, see Analyzing Statistics for Sessions.|
Configuring event publishers
The required configuration details described below are available by default. Follow this section to understand the Analytics related configurations used in the process and do any modifications if required.
Configuring event publishers involve providing the information required by WSO2 IS to publish login and/or session data to the Analytics - IS server in order to analyze the data using the Analytics Dashboard. This configuration is the same for login analytics and session analytics. The differences are as follows.
- The configuration required for login analytics is located in the
<IS_HOME>/repository/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-AuthenticationData.xmlfile. The configuration required for session analytics is located in the
The event streams used for login analytics and session analytics are different because the format in which the events are captured for the two types of analytics are different. For detailed information about event streams, see Understanding Event Streams and Event Tables.
The event streams specified for publishers should not be modified because that would cause errors in the existing default configuration.
The common properties that can be configured for event publishers in the files mentioned above are as follows.
Configuration file property
The URL of the target receiver to which IS related information is sent as events. The format of the URL is as follows.
The default port offsets done for WSO2 Analytics - IS server should be taken into consideration when specifying the thrift port. e.g., If the WSO2 Analytics - IS server was started with a port offset of 1, the thrift port should be
For high availability scenarios, multiple analytics receivers can be defined by configuring multiple URLs (comma separated) with the format below.
As per the above configuration, events are published to all the receivers defined. For other ways of configuring the receiver URLs, refer WSO2Event Event Receiver page.
for configuring multiple analytics receivers
<property name="receiverURL">tcp://al.km.wso2.com:7614, tcp://al.km.wso2.com:7615</property>
The URL of the authenticator. The format of the authenticator URL is as follows.
The default port offsets done for WSO2 IS should be taken into consideration when specifying the SSL port. e.g., If the WSO2 IS server was started with a port offset of 1, the SSL port should be
This parameter is not included in the
Multiple AuthenticatorURLs can also be defined by configuring URLs (comma separated) with the format below.
The username of the listener.
|Password||A password for the listener.|
|Protocol||The communication protocol that is used to publish events.|
|Publishing Mode||The events publishing mode. Non-blocking refers to asynchronous publishing, and blocking refers to synchronous publishing.|
|Publishing Timeout||A positive integer to denote the timeout for the non-blocking publishing mode.|
Viewing event publishers and changing the admin password
In a fresh WSO2 Identity Server pack, in the
<IS_HOME>/repository/deployment/server/eventpublishers directory, you can view all event publishers related to IS analytics.
The following is a sample of this configuration file named IsAnalytics-Publisher-wso2event-AuthenticationData.xml.
In the above sample there is an encrypted password. However, in a fresh IS pack you can see a plain text password as shown below.
Once you restart the pack it will get automatically encrypted. So if you want to change the admin password you need to include the new password as plain text in IS event publishers as shown below.
Sharing the governance registry and user store
In order to log into the Analytics Dashboard with the credentials of a specific tenant (other than the super tenant) and view security statistics specific for that tenant, you need to share the governance registry and the user store. For detailed information about registry sharing strategies, see the library article Sharing Registry Space across Multiple Product Instances.
These datasources are configured with the H2 database type by default. If you configure them with MSSQL, add the
SendStringParametersAsUnicode property to the database connection URL in the data source configuration in the
<IS_ANALYTICS_HOME>/repository/conf/datasources/analytics-datasources.xml file as shown below to avoid deadlock issues that are caused when the same table row is updated in two or more sessions at the same time.
Configuring IS Analytics with a hostname
If you configure IS Analytics with a hostname, the relevant hostname (e.g.,
node2.analytics.com) should be added in the
IS-Analytics_Home/repository/deployment/server/jaggeryapps/portal/configs/designer.json file as shown below for the IS Analytics dashboards to function.
For complete instructions to change the default hostname of IS Analytics, see WSO2 DAS Documentation - Changing the Hostname.
If you created a new keystore for IS Analytics, you must import the public certificate of that keystore to the client-truststore.jks of the IS server. You can use following command to import that certificate.