Skip to content

Configure ELK Analytics for Adaptive Authentication

The following guide shows you how to prepare the WSO2 Identity server for adaptive authentication using ELK analytics.

Prerequisite

Configure ELK Analytics in WSO2 Identity Server.

Configure the analytics engine in WSO2 IS

Follow the steps below to configure the analytics engine in WSO2 Identity Server that establishes the connection between WSO2 Identity Server and ELK.

  1. Access the WSO2 Identity Server Management Console and sign in as an admin user.
  2. Under Identity Providers click Resident.
  3. Expand Other Settings > Analytics Engine Configuration > ELK Analytics.
  4. Configure the following properties. elk-analytics-engine-properties
    Property Description
    Elasticsearch Host The target hostname and target port for the Elasticsearch.
    Enable Basic Authentication Select to enable authentication with username and password credentials.
    Elasticsearch Username The username of the Elasticsearch admin user.
    Elasticsearch Password The password of the Elasticsearch admin user.
    HTTP Connection Timeout The connection timeout interval in milliseconds. If the endpoint does not respond within this time, the connection attempt has failed.
    HTTP Read Timeout The timeout interval in milliseconds for each call of read() on the InputStream . If the server does not respond with data within this time, the connection is terminated.
    HTTP Connection Request Timeout The timeout interval in milliseconds for requesting a connection with Elasticsearch.
    Hostname Verification Possible values are: STRICT or ALLOW_ALL.
    STRICT - When this mode is enabled, hostnames will be strictly verified against the hostname specified in the product's SSL certificate. For example, if "*. foo.com " is specified as the hostname in the certificate, only this specific hostname is authorized by the server. That is, subdomains such as " a.b.foo.com " or ip addresses such as "127.10.11.1" will not be authorized.
    ALLOW_ALL - This option turns off hostname verification for the server. Note that this is not recommended in a production setup and should only be used for demonstrations and testing.
  5. Click Update

Add Elasticsearch certificate to WSO2 Identity Server

An HTTP connection is used to communicate between WSO2 IS and Elasticsearch. Therefore the Elasticsearch certificate needs to be imported to the WSO2 IS.

To import the certificate, open a terminal window and run the following command.

  keytool -trustcacerts -keystore {IS_HOME}/repository/resources/security/client-truststore.jks -storepass wso2carbon -importcert -alias elk -file {ELASTICSEARCH_HOME}/config/certs/http_ca.crt

Info

This example uses the default keystores and certificates. Replace {IS_HOME} and {ELASTICSEARCH_HOME} accordingly. The default keystore password is wso2carbon.

What's Next?

Now that you have prepared WSO2 Idenity server for adaptive authentication using ELK analytics, try a scenario.

Top