I have installed WSO2 IS (5.10) and Analytics (5.8), on separate servers, following the WSO2 IS documentation. I am successfully getting authentication events received into Analytics and can view them (after many headaches with IS insisting on using ports and SSL that I never told it to use - another story).
Now I can log into the dashboard, (/portal, admin/admin), and I see the IS events. Where do I manage portal users, permissions, and authentication? I want to add additional viewers (via LDAP) but can't even find a place to change the admin password, never mind manage additional users.
Nor can I find any documentation on how to manager users in Analytics. Any help is appreciated.
Related
I am developing web platform which has to have 3 type of users (user, admin, partner companies). For the authentication I am considering to use google Identity platform with multitenancy (probably users in one tenant and admins are in different tenant).
As I understand from documentation, how do we integrate identity platform to our application is to create identity platform provider from console and integrate it into frontend with UI. From front-end, without contacting backend service we can sign up, login and logout by calling firebase SDK and it will give us authentication token. From backend I can check that token with middleware and decide if I agree the user as authenticated or not. Correct me if I am wrong.
Then I can get some metadata of authenticated user from the token, maybe email or name etc. But I want to store user related information on noSQL database as well. For example, if user wants to change his email I need to handle it in backend server, also, I'd like to store users log (access and audit log on somewhere else). In case of, I am using frontend UI and SDK how do log the access and audit information on my backend? also, when changing user's information, do I just write handler function in backend end update user's data with REST API or Admin SDK? what is the best practice over here? Or should I better write my own login and logout function on my backend then call REST API or Admin SDK? is there preferred way? Google is showing me only integration way of authentication from frontend?
BTW, I am deploying backend application on google cloud run, and frontend would be developed in react and should be deployed maybe in firebase or in cloud run as well.
Thanks
As per the Documentation,Yes your understanding is correct to integrate identity platform to the application.
You can store the user related information on a noSQL database like Firestore or Firebase Realtime Database. You can write the Rest API to change or update the user's information in the database.
If you want to write your own login and logout function, I don’t think it is necessary because Firebase Admin SDK provides these features. But if you want to manage user authentication in the backend for specific requirements, you can write your own login and logout function on the backend and use the Firebase Admin SDK.
For access and audit log information you can use Firebase Analytics, Firebase Analytics helps you understand what your users are doing in your app. It has all of the metrics that you’d expect in an app analytics tool combined with user properties like device type, app version, and OS version to give you insight into how users interact with your app.
But finally, the best way would depend on your requirements and use case.
I came across this admin-dashboard component and am just curious what it is or what it can do.
It is mentioned in WSO2 documentation related to workflow customization. I did not find any related pages dedicated to this component. What is it, and what is designed for, or what it can do?
Any help is appreciated.
Its created for the administrative tasks and few other tasks. You can do the following using the admin dashboard.
There are several activities related to api store which we can configure workflows. For example, if someone wants to sign up to your store, you can submit it for the store owner's approval. Other places where you can configure work flows are application creation and api subscription. Such pending approval appear in the admin dashboard where the admin can approve or reject them.
You can upload customized themese for api store
This also provides a UI for adding and editing throttling tiers.
In the next releases this will get more such functionalities added.
We have some security requirements from customer, so we need to configure/develop detailed audit logging which will log user actions done in Carbon Management console - i.e. datasource modification, service modification in WSO2 ESB.
Is there any way do this using included log4j?
We are using WSO2 Enterprise Service Bus 4.8.1 and WSO2 Application Server 5.2.1
WSO2 products has an audit log which can be found in the repository/logs folder. But the problem is, this audit log has very little audit information. Reason is as follows.
WSO2 products are built using a collection of reusable osgi componentns. For example, for data sources related operations we have one component and for proxy related operations we have another.
Now, the problem here is, these individual components has not put enough audit logs to cover the user operations. Therefore, your requirement seems to be difficult to achieve.
There are some extension points in WSO2 products where you can use to do your own tasks upon certain actions such as user login, user creation. For example, you can implement a certain interface and print whatever log you want upon a successful user login or a failed login attempt. But, those extension points are limited mostly to user management related operations.
All the HTTP communication done with the server is already logged in HTTP access logs in CARBON_HOME/repository/logs. You can use a log analyzer tool or even grep to capture any desired user action.
Ex: To get the log ins to datasources page use
cat http_access_2016-06-02.log | grep "GET /carbon/ndatasource/index.jsp"
How do we ensure tenant based logging in WSO2?
We do not want logs from different customers getting mingled. Essentially, what we are looking for is completely different directories for each tenant's logs.
I have read a fair bit of documentation for the same and there does not seem to be an out of the box solution.
Any tips is appreciated.
The logs are separate in memory, so you may login to the carbon console as a tenant admin and check Monitor -> System Logs to see the logs dedicated to that specific tenant.
However, there is no OOTB solution to dividing the text based logs by tenant.
I would like to have my application http://app.acquee.com/designer to accept a google account as a login. I found a bunch of libs for django but most work on top of existing Django authentication system that I do not use. I have my own set of user tables where I keep user info and privileges.
Any suggestion on how to integrate that with the Google Openid?
Seems I will have to do it manually using python-openid. Or could I use django-openid?
However, with the latter, I don't even know how to issue the discover command.
Regardless, I get stuck on google's step 5, sending a login authentication request (optionally with OAuth parameters) to the provided endpoint address. Can someone provide a sample request? is it a GET/POST? content?
Cheers
You can try https://launchpad.net/django-openid-auth - I'm using it in a commercial project, for both regular Google Accounts and Google Apps accounts. I remember that it was the most convincing one at the time I was doing a review, although I can't give you any details now due to my short memory. Anyway - it's working great.