Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Add MFA based on ELK-risk

The following guide shows you how to prepare the WSO2 Identity server for adaptive authentication using ELK analytics.
The following guide shows you how to prepare WSO2 Identity Server for adaptive authentication using ELK analytics.

## Prerequisite

Expand All @@ -14,9 +14,9 @@ Follow the steps below to configure the analytics engine in WSO2 Identity Server

2. Select the relevant application and go to its **Login Flow** tab.

5. In the **Predefined Flows** > **Conditional Login Flows** section, click on the **`settings`** icon in the **ELK-Risk-Based** template.
3. In the **Predefined Flows** > **Conditional Login Flows** section, click on the **`settings`** icon in the **ELK-Risk-Based** template.

2. Configure the following properties.
4. Configure the following properties.
![elk-analytics-engine-properties]({{base_path}}/assets/img/elk-analytics/risk-based-adaptive-authentication/risk-based-adaptive-authentication-4.png){: width="800" style="display: block; margin-left: 0;"}

<table>
Expand Down Expand Up @@ -63,7 +63,7 @@ Follow the steps below to configure the analytics engine in WSO2 Identity Server
</tbody>
</table>

3. Click **Update** to save the changes.
5. Click **Update** to save the changes.

## Add Elasticsearch certificate to WSO2 Identity Server

Expand All @@ -80,4 +80,4 @@ To import the certificate, open a terminal window and run the following command.

## What's Next?

Now that you have prepared WSO2 Identity server for adaptive authentication using ELK analytics, [try an ELK-based adaptive authentication scenario]({{base_path}}/guides/authentication/conditional-auth/elk-risk-based-template).
Now that you have prepared WSO2 Identity Server for adaptive authentication using ELK analytics, [try an ELK-based adaptive authentication scenario]({{base_path}}/guides/authentication/conditional-auth/elk-risk-based-template).
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,14 @@

Follow the steps below to enable ELK-based analytics in WSO2 Identity Server.

1. Download and install WSO2 Identity Server.
1. Download and install {{product_name}}.

!!! note
For detailed information, see [Install WSO2 Identity Server]({{base_path}}/deploy/get-started/install/).

2. Open the `deployment.toml` file found in the `<IS_HOME>/repository/conf/` directory and add the following configuration.

```

Check failure on line 16 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Fenced code blocks should have a language specified

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:16 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md040.md
[analytics.elk]
enable=true
```
Expand All @@ -29,7 +29,7 @@

- Add the following appender configurations:

```

Check failure on line 32 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Fenced code blocks should have a language specified

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:32 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md040.md
appender.ANALYTICS_EVENT_LOGFILE.type = RollingFile
appender.ANALYTICS_EVENT_LOGFILE.name = ANALYTICS_EVENT_LOGFILE
appender.ANALYTICS_EVENT_LOGFILE.fileName =${sys:carbon.home}/repository/logs/analytics_events.log
Expand All @@ -52,11 +52,11 @@
To change the name of the log file and its location, change the **fileName** and **filePattern** parameters accordingly.

- Add `org.wso2.carbon.event.output.adapter.logger.LoggerEventAdapter` to the list of all loggers as follows:
```

Check failure on line 55 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Fenced code blocks should have a language specified

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:55 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md040.md

Check failure on line 55 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Fenced code blocks should be surrounded by blank lines

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:55 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md031.md
loggers = {other loggers}, org-wso2-carbon-event-output-adapter-logger-LoggerEventAdapter
```

Check failure on line 57 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Fenced code blocks should be surrounded by blank lines

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:57 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md031.md
- Add the following logger configurations.
```

Check failure on line 59 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Fenced code blocks should have a language specified

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:59 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md040.md

Check failure on line 59 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Fenced code blocks should be surrounded by blank lines

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:59 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md031.md
logger.org-wso2-carbon-event-output-adapter-logger-LoggerEventAdapter.name = org.wso2.carbon.event.output.adapter.logger.LoggerEventAdapter
logger.org-wso2-carbon-event-output-adapter-logger-LoggerEventAdapter.level = INFO
logger.org-wso2-carbon-event-output-adapter-logger-LoggerEventAdapter.appenderRef.CUSTOM_LOGFILE.ref = ANALYTICS_EVENT_LOGFILE
Expand All @@ -80,8 +80,8 @@
!!! note
Take note of the password generated for the `elastic` user.

### Install Filebeat

Check failure on line 83 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Headings should be surrounded by blank lines

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:83 MD022/blanks-around-headings Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Below] [Context: "### Install Filebeat"] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md022.md
1. [Install Filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html#installation){:target="_blank"} according to your operating system.

Check failure on line 84 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Lists should be surrounded by blank lines

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:84 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "1. [Install Filebeat](https://..."] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md032.md

2. Open the **filebeat.yml** file in the root directory and add this [configuration](https://github.com/wso2-extensions/identity-elk-integration/blob/main/filebeat/filebeat.yml){:target="_blank"}.

Expand All @@ -89,7 +89,7 @@
- Replace `<IS_HOME>` with the location of your WSO2 Identity Server installation.
- To configure Filebeat to mask sensitive information in logs, follow this [guide]({{base_path}}/deploy/monitor/elk-mask-sensitive-information-in-logs).


Check failure on line 92 in en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md

View workflow job for this annotation

GitHub Actions / lint

Multiple consecutive blank lines

en/identity-server/7.1.0/docs/deploy/elk-analytics-installation-guide.md:92 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md012.md
### Install Logstash

1. [Install Logstash](https://www.elastic.co/guide/en/logstash/current/installing-logstash.html){:target="_blank"} according to your operating system.
Expand Down Expand Up @@ -128,20 +128,20 @@

4. Under **Stack Management** > **Data**, click **Index Management** and go to its **Index Templates** tab.

4. Under the **Index patterns** column, if you have any index patterns created under the following names, delete them before moving to the next step.
5. Under the **Index patterns** column, if you have any index patterns created under the following names, delete them before moving to the next step.

- wso2-iam-alert-auth*
- wso2-iam-alert-session*
- wso2-iam-auth-raw*
- wso2-iam-session-raw*
- wso2-iam-session-time-series*

5. Download the artifact file [here](https://github.com/wso2-extensions/identity-elk-integration/blob/main/kibana/saved-objects/kibana-8-x-auth-and-session.ndjson){: target="_blank"}.
6. Download the artifact file [here](https://github.com/wso2-extensions/identity-elk-integration/blob/main/kibana/saved-objects/kibana-8-x-auth-and-session.ndjson){: target="_blank"}.

6. Under **Stack Management** > **Kibana**, click **Saved Objects**.
7. Under **Stack Management** > **Kibana**, click **Saved Objects**.

7. Click **Import**, add the downloaded artifact file as an import object, and click **Import**.
8. Click **Import**, add the downloaded artifact file as an import object, and click **Import**.

8. Once import is complete, click **Done**.
9. Once import is complete, click **Done**.

9. On the left navigation panel, under **Analytics**, click **Dashboards** to view the created **Auth** and **Session** dashboards.
10. On the left navigation panel, under **Analytics**, click **Dashboards** to view the created **Auth** and **Session** dashboards.
Loading