Configuring Identity Analytics¶

Using the WSO2 Identity Server Analytics distribution, you can view and analyze statistics related to authentication requests that go through the WSO2 Identity Server. For more information, see Analytics.

Scenario¶

A taxi company called "Pickup" has launched a new application to be used by their customers. The Pickup developers wish to measure the performance of the authentication mechanism used for users to log into the application so that they can improve the user login experience.

To do this, the developers need to view authentication statistics about the login attempts to the application. This tutorial demonstrates how the Pickup developers can setup WSO2 IS Analytics to view login attempts to the Pickup application.

Set up¶

1. Download WSO2 Identity Server.

2. Download WSO2 Identity Server Analytics distribution.

Enable analytics¶

Follow the instructions given below.

• Open the deployment.toml file found in the <IS_HOME>/repository/conf folder and enable the following event publishers in WSO2 Identity Server.

  [identity_mgt.analytics_login_data_publisher]
  enable=true
  
  [identity_mgt.analytics_session_data_publisher] 
  enable=true

• Configure WSO2 IS to publish user information with pending status.

  For self registered users, by default, user information such as username, tenant domain, etc. will not be published to analytics if the account is in PENDING_SR state. Learn more about Account Pending Status.

  Note

  The capability of publishing user information for PENDING_SR users is available as an update in WSO2 IS 5.10.0 from 2022-06-01 onwards (WUM model) and from update level 146 onwards (Updates 2.0 model). If you don't already have this update, see the instructions on updating WSO2 products.

  • To enable this configuration globally, apply the following to the <IS_HOME>/repository/conf/deployment.toml file:

    [show_pending_user_information]
    enable=true

  • To enable this configuration per tenant, apply the following steps:

    1. First, be sure to enable the configuration management feature by using the Configuration Management REST APIs.

    2. Create a resource type named basic-authenticator-config through the following cURL command:

       curl --location --request POST 'https://localhost:9443/api/identity/config-mgt/v1.0/resource-type' --header 'accept: application/json' --header 'Content-Type: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' --data-raw '{"name": "basic-authenticator-config", "description": "This is the resource type for pending users."}'

    3. Then, create the user-information resource and the attribute through the following cURL command:

       curl --location --request POST 'https://localhost:9443/api/identity/config-mgt/v1.0/resource/basic-authenticator-config' --header 'accept: application/json' --header 'Content-Type: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' --data-raw '{"name": "user-information","attributes": [{"key": "ShowPendingUserInformation.enable","value": "true"}]}'

The rest of the configurations required to connect the analytics distribution with the WSO2 IS distribution have already been pre-configured for fresh distributions. To see more information about these pre-configurations, see Prerequisites to Publish Statistics.

If you do not need to change the default values, proceed to start the servers.

Start the servers¶

1. Navigate to <IS_HOME>/bin directory via a command prompt and start the WSO2 IS server by executing one of the following commands.

   Linux/MacOS

   sh wso2server.sh

   Windows

   wso2server.bat run

2. WSO2 IS Analytics has two nodes. Navigate to <ISANALYTICS_HOME>/bin directory and execute the following commands via a command prompt to start each node.

   1. Start the worker node. The worker node listens to the authentication statistics from WSO2 Identity Server and then analyzes and monitors them.

      Linux/MacOS

      sh worker.sh

      Windows

      worker.bat run

   2. Start the dashboard node. The dashboard node displays the processed information using the dashboard interface.

      Linux/MacOS

      sh dashboard.sh

      Windows

      dashboard.bat run

Try it out¶

Let's create some basic authentication statistics. To do this, log in to the WSO2 IS dashboard. This login attempt will be published to WSO2 IS Analytics and you will be able to view the login attempt using the WSO2 IS Analytics dashboard.

1. Log in to the WSO2 Identity Server User Portal using admin/admin credentials.

2. Next, access the WSO2 Identity Server Analytics Dashboard at the following URL:

   http://<HTTPS_IS_ANALYTICS_HOST>: 9643 /portal

3. Log in using admin/admin credentials.

4. Click IS Analytics.

   

   Note that there is 1 successful login attempt published on the dashboard.

   

You have succesfully enabled WSO2 IS Analytics and published statistics to the dashboard. For more information on what you can do with IS analytics, see Analytics.