This documentation is for WSO2 Identity Server 5.2.0 . View documentation for the latest release.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The following sections cover the prerequisites that should be completed in order to publish information relating to the processing carried out by WSO2 Identity Server (WSO2 IS) in the Analytics Dashboard of WSO2 Analytics - IS.

Table of Contents
maxLevel3
minLevel3

Downloading WSO2 IS Analytics

...

Follow the instructions below to download the binary distribution of WSO2 IS Analytics - IS.

The binary distribution contains the binary files for both MS Windows, and Linux-based operating systems. You can also download, and build the source code.

  1. In your Web browser, go to <IS Analytics page link>
  2. Click the Download button in the upper right-hand corner of the page to download the latest version. 

Next, go to Installation Prerequisites in WSO2 DAS Documentation for instructions on installing the necessary supporting applications..

  1. Go to the WSO2 Identity Server previous releases page.
  2. Select Version 5.2.0.
  3. Enter your email address and click Download as shown below:
    Image Added
     

Installing WSO2 IS Analytics

Take the following steps to install WSO2 IS Analytics. Because this procedure is identical to installing WSO2 Data Analytics Server (DAS), these steps take you to the DAS documentation for details.

  1. Ensure that you have met the installation prerequisites.

    Info

    The installation prerequisites for IS - Analytics is the same as that of WSO2 Data Analytics Server. Therefore, for detailed information about the supporting applications you need to install, see Installation Prerequisites in WSO2 DAS documentation.

  2. . Go to the installation instructions relevant to your operating system:

Running WSO2 Analytics - Identity Server

Once WSO2 Analytics - IS is downloaded, you can start its server and access its Management Console.

For detailed instructions to run a WSO2 product, see Running the Product.

Info

The WSO2 Analytics - IS server and the WSO2 IS server are required to run simultaneously. Therefore it is required to start one of the servers with a default port offset using the following property.
-DportOffset=1 

For detailed instructions to run WSO2 IS Analytics in a clustered setup, see WSO2 Products Clustering and Deployment Guide - Clustering Data Analytics Server.

Running WSO2 Identity Server

...

Tip

Open the Management Consoles of the two WSO2 products in two separate browsers to avoid signing off from one Management Console when you sign into the other.

Enabling

...

analytics for Identity Server

In To enable publishing statistics for WSO2 Identity Server , analytics is enabled by default.. <Incorporate a config for this>

Setting up the DAS configuration

Setting up the DAS configuration involves providing the information required by WSO2 IS to publish data to the DAS server in order to analyze the data using the Analytics Dashboard. Follow the procedure below to set up the DAS configuration. 

In WSO2 IS, there is a Data publisher configuration which provides necessary details about the destination/target DAS Server. It is located at in WSO2 Analytics - IS, the following listeners should be enabled in the <IS_HOME>/repository/deploymentconf/serveridentity/eventpublishers/AuthenticationDataPublisheridentity.xml . Below is the sample configuration. Here, please make sure to point to the correct DAS Thrift port (If you are running DAS by offset 1 then DAS Thrift port is 7612).

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<eventPublisher name="AuthenticationDataPublisher" statistics="disable" trace="disable" xmlns="http://wso2.org/carbon/eventpublisher">
  <from streamName="authentication-analytics-stream" version="1.0.0"/>
  <mapping customMapping="disable" type="wso2event"/>
  <to eventAdapterType="wso2event">
    <property name="username">admin</property>
    <property name="protocol">thrift</property>
    <property name="publishingMode">non-blocking</property>
    <property name="publishTimeout">0</property>
    <property name="receiverURL">tcp://localhost:7612</property>
    <property encrypted="false" name="password">admin</property>
  </to>
</eventPublisher>

The above event publisher properties are described below file.

Listenerorg.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy
PurposeThis is the common event listener for all the types of Analytics supported for WSO2 IS. This listener captures all the statistics sent to WSO2 IS Analytics as events, and redirects them to the relevant listener based on their type. Therefore, this listener is required to enable both session analytics and login analytics.
Configuration
Code Block
languagexml
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
			name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy"
			orderId="11" enable="true"/>
Listenerorg.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl
Purpose

This listener should be enabled if you want to analyze statistics relating to logins attempted via WSO2 IS. For more information about this type of analytics, see the following sections.

Configuration
Code Block
languagexml
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
			name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl"
			orderId="10" enable="true"/>

   

Listenerorg.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl
PurposeThis listener should be enabled if you want to analyze statistics for specific sessions in WSO2 IS Analytics. A session is a time duration between a successful login and and the subsequent log out by a specific user. For more informations about this type of Analytics, see Analyzing Statistics for Sessions.
Configuration
Code Block
languagexml
<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
			name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl"
			orderId="11" enable="true"/>

Configuring event publishers

Info

The required configuration details described below are available by default. Follow this section to understand the Analytics related configurations used in the process and do any modifications if required.

Configuring event publishers involve providing the information required by WSO2 IS to publish login and/or session data  to the Analytics - IS server in order to analyze the data using the Analytics Dashboard. This configuration is the same for login analytics and session analytics. The differences are as follows.

  • The configuration required for login analytics is located in the <IS_HOME>/repository/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-AuthenticationData.xml  file. The configuration required for session analytics is located in the <IS_HOME>/repository/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-SessionData.xml file.
  • The event streams used for login analytics and session analytics are different because the format in which the events are captured for the two types of analytics are different. For detailed information about event streams, see Understanding Event Streams and Event Tables.

    Note

    The event streams specified for publishers should not be modified because that would cause errors in the existing default configuration.

     

The common properties that can be configured for event publishers in the files mentioned above are as follows.

Adapter Property
Description
Configuration file property
Example
Receiver URL

The URL of the target receiver to which IS related information is sent as events. The format of the URL is as follows.

tcp://<HOSTNAME>:<THRIFT_PORT>

Info

The default port offsets done for WSO2 Analytics - IS server should be taken into consideration when specifying the thrift port. e.g., If the WSO2 Analytics - IS server was started with a port offset of 1, the thrift port should be 7612 instead of 7611.


receiverURL

tcp://localhost:

7661

7612

Authenticator URL

The URL of the authenticator. The format of the authenticator URL is as follows.

ssl://<HOSTNAME>:<SSL_PORT>

Info

The default port offsets done for WSO2 IS should be taken into consideration when specifying the SSL port. e.g., If the WSO2 IS server was started with a port offset of 1, the SSL port should be 7712 instead of 7711.

Info

This parameter is not included in the AuthenticationDataPublisher.xml file by default. When it is not included, the authenticator URL is derived by adding 100 to the thrift port.


authenticatorURL
tcp

ssl://

auth-host

localhost:

7661

7712

User Name
Username for the listener
username

The username of the listener.

Info

If the EnableEmailUserName property is set to true in the <CEP_HOME>/repository/conf/carbon.xml , you should define the username with the tenant domain.

e.g., <property name="username">[email protected]@carbon.super</property>

For more information, see Using Email Address as the Username.

username

wso2event-user

Password
Password
A password for the listener.
password
wso2event-password
Protocol The communication protocol that
will be
is used to publish events.
protocol
thrift/binary
Publishing Mode
Events
The events publishing mode. Non-blocking refers to asynchronous publishing, and blocking refers to synchronous publishing.
publishingMode
non-blocking/blocking
Publishing Timeout
Positive
A positive integer to denote the timeout for the non-blocking publishing mode.
publishTimeout
0

Sharing the governance registry and user store

In order to log into the Analytics Dashboard with the credentials of a specific tenant (other than the super tenant) and view security statistics specific for that tenant, you need to share the governance registry and the user store. For detailed information about registry sharing strategies, see the library article Sharing Registry Space across Multiple Product Instances.

Configuring IS Analytics with a hostname

If you configure IS Analytics with a hostname, the relevant hostname (e.g., node2.analytics.com) should be added in the IS-Analytics_Home/repository/deployment/server/jaggeryapps/portal/configs/designer.json file as shown below for the IS Analytics dashboards to function. 

Code Block
languagejs
{
    ……..
    },

    "host": {
        "hostname": "node2.analytics.com",
        "port": "",
        "protocol": ""
    }
}

For complete instructions to change the default hostname of IS Analytics, see WSO2 DAS Documentation - Changing the Hostname.