Configure ELK Analytics for Adaptive Authentication¶
The following guide shows you how to prepare the MWARE IAM for adaptive authentication using ELK analytics.
Prerequisite¶
Configure ELK Analytics in MWARE IAM.
Configure the analytics engine in MWARE IAM¶
Follow the steps below to configure the analytics engine in MWARE IAM that establishes the connection between MWARE IAM and ELK.
- Access the MWARE IAM Management Console and sign in as an admin user.
- Under Identity Providers click Resident.
- Expand Other Settings > Analytics Engine Configuration > ELK Analytics.
- Configure the following properties.
Property Description Elasticsearch Host The target hostname and target port for the Elasticsearch. Enable Basic Authentication Select to enable authentication with username and password credentials. Elasticsearch Username The username of the Elasticsearch admin user. Elasticsearch Password The password of the Elasticsearch admin user. HTTP Connection Timeout The connection timeout interval in milliseconds. If the endpoint does not respond within this time, the connection attempt has failed. HTTP Read Timeout The timeout interval in milliseconds for each call of read()
on theInputStream
. If the server does not respond with data within this time, the connection is terminated.HTTP Connection Request Timeout The timeout interval in milliseconds for requesting a connection with Elasticsearch. Hostname Verification Possible values are: STRICT or ALLOW_ALL.
STRICT - When this mode is enabled, hostnames will be strictly verified against the hostname specified in the product's SSL certificate. For example, if "*. foo.com " is specified as the hostname in the certificate, only this specific hostname is authorized by the server. That is, subdomains such as " a.b.foo.com " or ip addresses such as "127.10.11.1" will not be authorized.
ALLOW_ALL - This option turns off hostname verification for the server. Note that this is not recommended in a production setup and should only be used for demonstrations and testing. - Click Update
Add Elasticsearch certificate to MWARE IAM¶
An HTTP connection is used to communicate between MWARE IAM and Elasticsearch. Therefore the Elasticsearch certificate needs to be imported to the MWARE IAM.
To import the certificate, open a terminal window and run the following command.
keytool -trustcacerts -keystore {IS_HOME}/repository/resources/security/client-truststore.jks -storepass wso2carbon -importcert -alias elk -file {ELASTICSEARCH_HOME}/config/certs/http_ca.crt
Info
This example uses the default keystores and certificates. Replace {IS_HOME} and {ELASTICSEARCH_HOME} accordingly. The default keystore password is wso2carbon
.
What's Next?¶
Now that you have prepared WSO2 Idenity server for adaptive authentication using ELK analytics, try a scenario.
Top