This documentation is for WSO2 Identity Server 5.2.0 . View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Next »

The statistics displayed in the Federated Login Attempts view includes the success and failure login attempts over time that happened through federated identity providers, and the distribution of login attempts over various dimensions such as service providers, identity providers, users and first time service providers.

The successful authentication attempt for a single federated step is considered a federated authentication success. Similarly, a failed authentication attempt for a single federated step is considered a federated authentication failure.

At any given time, this page displays the statistics for a selected time interval.

  • If you want to view statistics for a pre-defined time interval, click on the relevant time interval (e.g., Last 24 Hours).
     
  • If you want to define a custom time interval, click Custom and select the start and end dates of the required time interval in the calendar that appears. Then click Apply.
     

Login Attempts Over Time

 

View

(Example)

Description

 This gadget indicates the following.

  • The total number of login attempts during the selected time interval.
  • The success and the failure rate for login attempts during the selected time interval.

    Region map shown in the dashboard may not show all the regions for the login attempts. This is because the packed sample database does not contain complete data for all the IP addresses. Please create a new database with complete data and do necessary configurations in WSO2 IS Analytics Server. See Using Geolocation Based Statistics.

Purpose

This allows you to identify the login attempts handled by IS over time. As a result, you can understand the login patterns and detect deviations that may indicate unusual occurrences such as attacks, system downtime, etc.

Recommended Action

Check the success and failure rate at different time intervals to identify login patterns (e.g., different days of the week, different hours of the day). If there is a deviation from the observed pattern, check for unusual activity (e.g., attacks, system downtime etc.)

 

Login Attempts Distribution Over Top 10 Service Providers

 

View

(Example)

Description

This gadget ranks the top 10 service providers for the selected time interval based on their successful login attempts as well as failed login attempts. The number of successful/failed login attempts for each service provider is plotted on the chart in order to provide a comparison.

Purpose

This gadget allows you to:

  • Identify the most frequently accessed service providers.
  • Detect unusual occurrences based on significant changes in the frequency with which each service provider is accessed.

Recommended Action

Click on the bars corresponding to different service providers to view successful and failed login attempts filtered by the selected service provider.

Login Attempts Distribution Over Top 10 Identity Providers

 

View

(Example)

Description

This gadget ranks the top 10 federated identity providers for the selected time interval based on their successful login attempts as well as failed login attempts. The number of successful/failed login attempts for each federated identity provider is plotted on the chart in order to provide a comparison.

Purpose

This gadget allows you to:

  • Identify the most frequently accessed federated identity providers.
  • Detect unusual occurrences based on significant changes in the frequency with which each federated identity provider is accessed.

Recommended Action

  • Click on the bars corresponding to different identity providers to view the login success and failure attempts filtered by the selected identity provider.

  • Click on the Resident Identity Provider link to go to the resident identity provider view.

 

Login Attempts Distribution Over Top 10 Users

 

View

(Example)

Description

This gadget ranks the top 10 users for the selected time interval based on their successful login attempts as well as failed login attempts. The number of successful/failed login attempts of each user is plotted on the chart in order to provide a comparison.

Purpose

This gadget allows you to:

  • Identify the users that make the most frequent login attempts
  • Detect unusual occurrences based on significant changes in the frequency of the login attempts by each user.

Recommended Action

Click on the bars corresponding to different users to view the successful and failed login attempts filtered by the selected user.

 

Data Table

 

View

(Example)

Description

This gadget provides a list view of login attempts during the selected time interval. Details including the username, service provider, identity provider, user role, IP, whether the authentication was successful or not, and the time stamp are displayed for each login attempt. The login attempts are sorted by the username by default, but they can also be sorted by other fields in the ascending/descending order if required.

WSO2 Identity Server performs the authentication for a login in two stages as follows:

  • Step authentication - This may include one or more authentication steps.
  • Framework authentication

If you make a failed login attempt by failing one of the authentication steps, framework authentication is not carried out because the step authentication has failed. An entry is created in the table for each authentication step that was successful, and true is displayed in the Authentication Step Success field for each of these entries.

Purpose

This gadget allows you to identify the individual login attempts made during the selected time interval and view detailed information about them.

Recommended Action

Sort the records by each field available in order to identify the login patterns relating to each Username, Service Provider, Identity Provider, Region, and IP. Deviations from the identified patterns can help you to detect unusual occurrences.

  • No labels