Prerequisites to Publish Statistics

The following sections cover the prerequisites that should be completed in order to publish information relating to the processing carried out by WSO2 Identity Server (WSO2 IS) in the Analytics Dashboard of WSO2 Analytics - IS.

Downloading WSO2 IS Analytics

Follow the instructions below to download the binary distribution of WSO2 IS Analytics.

The binary distribution contains the binary files for both MS Windows, and Linux-based operating systems. You can also download, and build the source code.

Go to the WSO2 Identity Server previous releases page.
Select Version 5.5.0.
Enter your email address and click Download as shown below:

The installation prerequisites for IS - Analytics is the same as that of WSO2 Data Analytics Server. Therefore, for detailed information about the supporting applications you need to install, see Installation Prerequisites in WSO2 DAS documentation.

Running WSO2 Analytics - Identity Server

Once WSO2 Analytics - IS is downloaded, you can start its server and access its Management Console.

Tip:

In instances where you use Geolocation-based statistics, you need to set this up before startup. For more information, see Using Geolocation Based Statistics.
For detailed instructions to run a WSO2 product, see Running the Product.
For detailed instructions to run WSO2 IS Analytics in a clustered setup, see WSO2 Products Clustering and Deployment Guide - Clustering Data Analytics Server.

Running WSO2 Identity Server

The WSO2 Identity Server should run simultaneously with the WSO2 Analytics - IS server. For detailed instructions to run a WSO2 product, see Running the Product.

Open the Management Consoles of the two WSO2 products in two separate browsers to avoid signing off from one Management Console when you sign into the other.

Enabling analytics for Identity Server

To enable publishing statistics for WSO2 Identity Server in WSO2 Analytics - IS, the following listeners should be enabled in the <IS_HOME>/repository/conf/identity/identity.xml file.

Listener	`org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy`
Purpose	This is the common event listener for all the types of Analytics supported for WSO2 IS. This listener captures all the statistics sent to WSO2 IS Analytics as events, and redirects them to the relevant listener based on their type. Therefore, this listener is required to enable both session analytics and login analytics.
Configuration	<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler" name="org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy" orderId="11" enable="true"/>

Listener	`org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl`
Purpose	This listener should be enabled if you want to analyze statistics relating to logins attempted via WSO2 IS. For more information about this type of analytics, see Analyzing Statistics for Local Login Attempts.
Configuration	<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASLoginDataPublisherImpl" orderId="10" enable="true"/>

Listener	`org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl`
Purpose	This listener should be enabled if you want to analyze statistics for specific sessions in WSO2 IS Analytics. A session is a time duration between a successful login and and the subsequent log out by a specific user. For more informations about this type of Analytics, see Analyzing Statistics for Sessions.
Configuration	<EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler" name="org.wso2.carbon.identity.data.publisher.application.authentication.impl.DASSessionDataPublisherImpl" orderId="11" enable="true"/>

Configuring event publishers

The required configuration details described below are available by default. Follow this section to understand the Analytics related configurations used in the process and do any modifications if required.

Configuring event publishers involve providing the information required by WSO2 IS to publish login and/or session data to the Analytics - IS server in order to analyze the data using the Analytics Dashboard. This configuration is the same for login analytics and session analytics. The differences are as follows.

The configuration required for login analytics is located in the <IS_HOME>/repository/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-AuthenticationData.xml file. The configuration required for session analytics is located in the <IS_HOME>/repository/deployment/server/eventpublishers/IsAnalytics-Publisher-wso2event-SessionData.xml file.
The event streams used for login analytics and session analytics are different because the format in which the events are captured for the two types of analytics are different. For detailed information about event streams, see Understanding Event Streams and Event Tables.

The event streams specified for publishers should not be modified because that would cause errors in the existing default configuration.

The common properties that can be configured for event publishers in the files mentioned above are as follows.

Adapter Property	Description	Configuration file property	Example
Receiver URL	The URL of the target receiver to which IS related information is sent as events. The format of the URL is as follows. `tcp://<HOSTNAME>:<THRIFT_PORT>` The default port offsets done for WSO2 Analytics - IS server should be taken into consideration when specifying the thrift port. e.g., If the WSO2 Analytics - IS server was started with a port offset of 1, the thrift port should be `7612` instead of `7611`. For high availability scenarios, multiple analytics receivers can be defined by configuring multiple URLs (comma separated) with the format below. {tcp://<HOSTNAME>:<PORT>,tcp://<hostname>:<PORT>, ...} As per the above configuration, events are published to all the receivers defined. For other ways of configuring the receiver URLs, refer WSO2Event Event Receiver page.	receiverURL	`tcp://localhost:7612` for configuring multiple analytics receivers <property name="receiverURL">tcp://al.km.wso2.com:7614, tcp://al.km.wso2.com:7615</property>
Authenticator URL	The URL of the authenticator. The format of the authenticator URL is as follows: ssl://<HOSTNAME>:<SSL_PORT> The default port offsets done for WSO2 IS should be taken into consideration when specifying the SSL port. e.g., If the WSO2 IS server was started with a port offset of 1, the SSL port should be `7712` instead of `7711`. This parameter is not included in the `AuthenticationDataPublisher.xml` file by default. When it is not included, the authenticator URL is derived by adding 100 to the thrift port.	authenticatorURL	`ssl://localhost:7712`
User Name	The username of the listener. If the `EnableEmailUserName` property is set to `true` in the `<IS_HOME>/repository/conf/carbon.xml`, you should define the username with the tenant domain. e.g., `<property name="username">admin@wso2.com@carbon.super</property>` For more information, see Using Email Address as the Username.	username	wso2event-user
Password	A password for the listener.	password	wso2event-password
Protocol	The communication protocol that is used to publish events.	protocol	thrift/binary
Publishing Mode	The events publishing mode. Non-blocking refers to asynchronous publishing, and blocking refers to synchronous publishing.	publishingMode	non-blocking/blocking
Publishing Timeout	A positive integer to denote the timeout for the non-blocking publishing mode.	publishTimeout	0

Viewing event publishers and changing the admin password

In a fresh WSO2 Identity Server pack, in the <IS_HOME>/repository/deployment/server/eventpublishers directory, you can view all event publishers related to IS analytics.

The following is a sample of this configuration file named IsAnalytics-Publisher-wso2event-AuthenticationData.xml.

<eventPublisher
name="IsAnalytics-Publisher-wso2event-AuthenticationData"
statistics="disable" trace="disable" xmlns="http://wso2.org/carbon/eventpublisher">
	<from streamName="org.wso2.is.analytics.stream.OverallAuthentication" version="1.0.0"/>
	<mapping customMapping="disable" type="wso2event"/>
	<to eventAdapterType="wso2event">
		<property name="username">admin</property>
		<property name="protocol">thrift</property>
		<property name="publishingMode">non-blocking</property>
		<property name="publishTimeout">0</property>
		<property name="receiverURL">tcp://localhost:7612</property>
		<property encrypted="true" name="password">kuv2MubUUveMyv6GeHrXr9il59ajJIqUI4eoYHcgGKf/BBFOWn96NTjJQI+wYbWjKW6r79S7L7ZzgYeWx7DlGbff5X3pBN2Gh9yV0BHP1E93QtFqR7uTWi141Tr7V7ZwScwNqJbiNoV+vyLbsqKJE7T3nP8Ih9Y6omygbcLcHzg</property>
	</to>
</eventPublisher>

In the above sample there is an encrypted password. However, in a fresh IS pack you can see a plain text password as shown below.

<property encrypted="false" name="password">admin</property>

Once you restart the pack it will get automatically encrypted. So if you want to change the admin password you need to include the new password as plain text in IS event publishers as shown below.

<property encrypted="false" name="password">new password</property>

Sharing the governance registry and user store

In order to log into the Analytics Dashboard with the credentials of a specific tenant (other than the super tenant) and view security statistics specific for that tenant, you need to share the governance registry and the user store. For detailed information about registry sharing strategies, see the library article Sharing Registry Space across Multiple Product Instances.

These datasources are configured with the H2 database type by default. If you configure them with MSSQL, add the SendStringParametersAsUnicode property to the database connection URL in the data source configuration in the <IS_ANALYTICS_HOME>/repository/conf/datasources/analytics-datasources.xml file as shown below to avoid deadlock issues that are caused when the same table row is updated in two or more sessions at the same time.

<url>SQLSERVER_JDBC_URL;SendStringParametersAsUnicode=false</url>

Configuring IS Analytics with a hostname

If you configure IS Analytics with a hostname, the relevant hostname (e.g., node2.analytics.com) should be added in the IS-Analytics_Home/repository/deployment/server/jaggeryapps/portal/configs/designer.json file as shown below for the IS Analytics dashboards to function.

{
    ........
    },

    "host": {
        "hostname": "node2.analytics.com",
        "port": "",
        "protocol": ""
    }
}

For complete instructions to change the default hostname of IS Analytics, see WSO2 DAS Documentation - Changing the Hostname.

If you created a new keystore for IS Analytics, you must import the public certificate of that keystore to the client-truststore.jks of the IS server. You can use following command to import that certificate.

keytool -import -alias <alias> -file <file_name> -keystore client-truststore.jks -storepass wso2carbon