diff --git a/.vale/styles/config/vocabularies/vocab/accept.txt b/.vale/styles/config/vocabularies/vocab/accept.txt index 6acc928028..66deb5cb5a 100644 --- a/.vale/styles/config/vocabularies/vocab/accept.txt +++ b/.vale/styles/config/vocabularies/vocab/accept.txt @@ -42,3 +42,9 @@ backchannel frontchannel URL timeframe +hostnames +keystores +vCPUs +failover +[Ff]ailover +liveness diff --git a/en/identity-server/next/docs/deploy/choose-your-deployment-path.md b/en/identity-server/next/docs/deploy/choose-your-deployment-path.md new file mode 100644 index 0000000000..8265a217f4 --- /dev/null +++ b/en/identity-server/next/docs/deploy/choose-your-deployment-path.md 
@@ -0,0 +1,84 @@ +# Choose your deployment path + +This page helps you select the right deployment path for WSO2 Identity Server based on your goals, environment, and operational requirements. Each path provides a focused, step-by-step sequence from prerequisites to a verified, running deployment. + +## Before you begin + +Before you select a deployment path, gather the following information: + +- **Deployment goal** — Are you evaluating WSO2 Identity Server, or preparing for production use? +- **Availability requirements** — Do you need high availability (HA), disaster recovery (DR), or a single-node setup? +- **Platform preference** — Will you deploy on virtual machines, bare metal, or a container platform such as Kubernetes or OpenShift? +- **Expected user base** — How many concurrent users and transactions per second (TPS) do you expect? +- **Infrastructure inputs** — Do you have your database, user store, hostnames, TLS certificates, and load balancer details ready? + +## Deployment paths + +WSO2 Identity Server supports four deployment paths. Each path targets a specific use case and guides you through only the steps relevant to that scenario. + +### Path A: Evaluation (single node) + +A single-node WSO2 Identity Server instance with default configuration, suitable for feature exploration and proof-of-concept testing. Set up takes under 1 hour. + +[Get started with Path A]({{base_path}}/deploy/deployment-paths/evaluation){ .md-button } + +--- + +### Path B: Production (single region, high availability) + +A two-node (or more) clustered deployment fronted by a load balancer, connected to an external database and user store, with TLS and security hardening applied. This path covers the most common production scenario. 
+ +[Get started with Path B]({{base_path}}/deploy/deployment-paths/production-ha){ .md-button } + +--- + +### Path C: Production (multi-region, disaster recovery) + +A multi-region deployment with data replication, regional failover, and disaster recovery capabilities. Builds on Path B. + +[Get started with Path C]({{base_path}}/deploy/deployment-paths/production-dr){ .md-button } + +--- + +### Path D: Container platforms (Kubernetes and OpenShift) + +A containerized, orchestrated deployment on Kubernetes or OpenShift with automated scaling, rolling updates, and declarative configuration management.. + +[Get started with Path D]({{base_path}}/deploy/deployment-paths/containers){ .md-button } + +--- + +## Compare deployment paths + +Use the following table to compare paths at a glance. + +| Criteria | Path A: Evaluation | Path B: Production HA | Path C: Multi-region DR | Path D: Containers | +|---|---|---|---|---| +| **Nodes** | 1 | 2+ | 2+ per region | 2+ pods | +| **Database** | Embedded H2 | External RDBMS | External RDBMS per region | External RDBMS | +| **Load balancer** | Not required | Required | Required per region | Ingress controller | +| **High availability** | No | Yes | Yes | Yes | +| **Disaster recovery** | No | No | Yes | Depends on cluster setup | +| **Clustering** | No | Yes (WKA, AWS, or Kubernetes scheme) | Yes | Yes (Kubernetes scheme) | +| **Security hardening** | Default | Full hardening | Full hardening | Full hardening | +| **Typical audience** | Developers, evaluators | Platform engineers, infrastructure architects, DevOps teams | Platform engineers, infrastructure architects, DevOps teams | Platform engineers, infrastructure architects, DevOps teams | + +## After you complete a path + +Once you select a path and complete the deployment, refer to these resources for ongoing operations: + +- [Performance tuning recommendations]({{base_path}}/deploy/performance/performance-tuning-recommendations) — Optimize JVM, OS, and database settings for 
your workload. +- [Backup and recovery recommendations]({{base_path}}/deploy/backup-and-recovery-recommendations) — Establish backup schedules for databases and file systems. +- [Monitor WSO2 Identity Server]({{base_path}}/deploy/monitor/) — Configure logging, health checks, and alerts. +- [Security guidelines]({{base_path}}/deploy/security/security-guidelines/) — Review and apply product, OS, and network security hardening. +- [Upgrade WSO2 Identity Server]({{base_path}}/deploy/upgrade/upgrade-wso2-is) — Apply updates and upgrade to newer versions. +- [Compliance]({{base_path}}/deploy/compliance/) — Meet GDPR, CCPA, FIPS, and FAPI requirements. + +## Next steps + +Select the deployment path that matches your requirements and follow the linked guides. If you need help deciding, consider the following: + +- **Starting fresh?** Begin with **Path A** to explore the product, then move to **Path B** or **Path D** for production. +- **Going to production on virtual machines?** Start with **Path B** directly. +- **Need geographic redundancy?** Complete **Path B** first, then extend with **Path C**. +- **Running Kubernetes or OpenShift?** Go directly to **Path D**. diff --git a/en/identity-server/next/docs/deploy/deployment-paths/containers.md b/en/identity-server/next/docs/deploy/deployment-paths/containers.md new file mode 100644 index 0000000000..8d49d4f85d --- /dev/null +++ b/en/identity-server/next/docs/deploy/deployment-paths/containers.md @@ -0,0 +1,60 @@ +# Path D: Container platforms (Kubernetes and OpenShift) + +Use this path to deploy WSO2 Identity Server on Kubernetes or OpenShift with platform-native orchestration, automated scaling, and declarative configuration management. + +## Overview + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Who this path targetsPlatform engineers, infrastructure architects, and DevOps teams deploying WSO2 Identity Server on Kubernetes or OpenShift.
What you will buildA containerized, orchestrated WSO2 Identity Server deployment with automated scaling, rolling updates, and platform-native service discovery.
What this path excludesVirtual machine or bare-metal deployment details. For those, see Path B or Path C.
Estimated duration1 to 3 days, depending on cluster readiness and familiarity with Kubernetes or OpenShift.
Pre-requisites +
    +
  • A running Kubernetes (1.20+) or OpenShift (4.x+) cluster
  • +
  • An external RDBMS accessible from the cluster
  • +
  • A user store (JDBC-based or LDAP/Active Directory)
  • +
  • Container registry access for WSO2 Identity Server images
  • +
  • An ingress controller or route configuration for external access
  • +
  • TLS certificates for the deployment hostname
  • +
+
Exit criteriaWSO2 Identity Server pods run and pass readiness and liveness probes. Authentication flows complete through the ingress endpoint. Rolling updates apply without service interruption.
+ +## Choose this path when + +- Your organization standardizes on Kubernetes or OpenShift. +- You want platform-native orchestration and automated scaling. +- You prefer declarative configuration management for your deployments. + +## Key resources + +- [Deploy on Kubernetes]({{base_path}}/deploy/deploy-is-on-kubernetes) +- [Deploy on OpenShift]({{base_path}}/deploy/deploy-is-on-openshift) +- [Kubernetes membership scheme]({{base_path}}/deploy/deployment-guide#clustering-related-configurations) (clustering configuration) + +## Next steps + +- Review [day-2 operations]({{base_path}}/deploy/choose-your-deployment-path#after-you-complete-a-path) for performance tuning, monitoring, and backup recommendations. +- Return to [Start here and choose your deployment path]({{base_path}}/deploy/choose-your-deployment-path) to compare all paths. diff --git a/en/identity-server/next/docs/deploy/deployment-paths/evaluation.md b/en/identity-server/next/docs/deploy/deployment-paths/evaluation.md new file mode 100644 index 0000000000..ab4e912756 --- /dev/null +++ b/en/identity-server/next/docs/deploy/deployment-paths/evaluation.md @@ -0,0 +1,58 @@ +# Path A: Evaluation (single node) + +Use this path to explore WSO2 Identity Server features, build a proof of concept, or familiarize yourself with the product before planning a production deployment. + +## Overview + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Who this path targetsDevelopers, architects, and technical evaluators exploring WSO2 Identity Server features for the first time.
What you will buildA single-node WSO2 Identity Server instance running with default or minimal configuration, suitable for feature exploration and proof-of-concept testing.
What this path excludesHigh availability, clustering, production-grade security hardening, performance tuning, and disaster recovery.
Estimated durationUnder 1 hour.
Pre-requisites + +
Exit criteriaWSO2 Identity Server starts, and you can sign in to the Console at https://localhost:9443/console.
+ +!!! warning "Not for production use" + The evaluation path uses the embedded H2 database and default keystores. Do not use this configuration in production environments. + +## Choose this path when + +- You want to test WSO2 Identity Server features in a local environment. +- You need to build a proof of concept or demo. +- You want to familiarize yourself with the product before planning a production deployment. + +## Key steps + +1. [Install WSO2 Identity Server]({{base_path}}/deploy/get-started/install) on your machine. +2. [Start WSO2 Identity Server]({{base_path}}/deploy/get-started/run-the-product) and verify the Console loads. + +## Next steps + +- After evaluating the product, move to [Path B: Production (single region, HA)]({{base_path}}/deploy/deployment-paths/production-ha) or [Path D: Container platforms]({{base_path}}/deploy/deployment-paths/containers) for production deployment. +- Return to [Start here and choose your deployment path]({{base_path}}/deploy/choose-your-deployment-path) to compare all paths. diff --git a/en/identity-server/next/docs/deploy/deployment-paths/production-dr.md b/en/identity-server/next/docs/deploy/deployment-paths/production-dr.md new file mode 100644 index 0000000000..e5e8755a86 --- /dev/null +++ b/en/identity-server/next/docs/deploy/deployment-paths/production-dr.md @@ -0,0 +1,75 @@ +# Path C: Production (multi-region, disaster recovery) + +Use this path to deploy WSO2 Identity Server across geographic regions with cross-region redundancy, failover, and disaster recovery capabilities. + +## Overview + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Who this path targetsPlatform engineers, infrastructure architects, and DevOps teams who require cross-region redundancy, low-latency access for geographically distributed users, or regulatory compliance for data residency.
What you will buildA multi-region WSO2 Identity Server deployment with data replication, regional failover, and disaster recovery capabilities.
What this path excludesSingle-region HA details (complete Path B first). Container orchestration specifics (see Path D for Kubernetes or OpenShift).
Estimated duration1 to 2 weeks, depending on the number of regions, data replication strategy, and network configuration.
Pre-requisites +
    +
  • All pre-requisites from Path B, replicated per region
  • +
  • A data replication strategy (identity and configuration data, or partitioned by region)
  • +
  • Cross-region network connectivity and DNS failover configuration
  • +
  • Database replication technology (database-vendor-specific)
  • +
+
Exit criteriaEach region operates independently during normal conditions. Failover to a secondary region completes within the defined RTO. Data consistency meets the defined RPO.
+ +!!! note "Complete Path B first" + Multi-region deployments build on single-region HA. Establish a working single-region cluster before adding cross-region replication and failover. + +## Choose this path when + +- You need to survive an entire region failure. +- You serve geographically distributed users and require low-latency access. +- You must meet data residency regulations that require data to remain in specific regions. + +## Data replication considerations + +WSO2 Identity Server data falls into three categories: + +- **Identity and entitlement data** — usernames, passwords, attributes, roles, and role assignments. +- **Configuration data** — service providers, identity providers, and policies. +- **Operational data** — sessions, OAuth2 tokens, and logs. + +Your replication strategy depends on your requirements: + +- Synchronize all data across regions. +- Synchronize only configuration data and partition identity data by region. +- Partition all data by region. + +## Key resources + +- [Understanding disaster recovery]({{base_path}}/deploy/disaster-recovery/understanding-disaster-recovery) +- [Disaster recovery deployment patterns]({{base_path}}/deploy/disaster-recovery/disaster-recovery-deployment-patterns) +- [Additional reading on disaster recovery]({{base_path}}/deploy/disaster-recovery/additional-reading-on-disaster-recovery) + +## Next steps + +- Review [day-2 operations]({{base_path}}/deploy/choose-your-deployment-path#after-you-complete-a-path) for performance tuning, monitoring, and backup recommendations. +- Return to [Start here and choose your deployment path]({{base_path}}/deploy/choose-your-deployment-path) to compare all paths. diff --git a/en/identity-server/next/docs/deploy/deployment-paths/production-ha.md b/en/identity-server/next/docs/deploy/deployment-paths/production-ha.md new file mode 100644 index 0000000000..c495e062e6 --- /dev/null +++ b/en/identity-server/next/docs/deploy/deployment-paths/production-ha.md 
@@ -0,0 +1,66 @@ +# Path B: Production (single region, high availability) + +Use this path to deploy a resilient, production-grade WSO2 Identity Server cluster within a single data center or cloud region. This path covers the most common production scenario. + +## Overview + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Who this path targetsPlatform engineers, infrastructure architects, and DevOps teams deploying WSO2 Identity Server for production workloads in a single data center or cloud region.
What you will buildA two-node (or more) clustered WSO2 Identity Server deployment fronted by a load balancer, connected to an external database and user store, with TLS and security hardening applied.
What this path excludesMulti-region replication, disaster recovery, and container orchestration. For those requirements, see Path C or Path D.
Estimated duration1 to 3 days, depending on environment readiness and organizational approval processes.
Pre-requisites +
    +
  • Two or more machines meeting the system requirements (at least 4 vCPUs, 4 GB RAM, 10 GB disk each)
  • +
  • An external RDBMS (PostgreSQL, MySQL, Oracle, MSSQL, or MariaDB)
  • +
  • A load balancer (for example, NGINX or a cloud-native load balancer)
  • +
  • TLS certificates for the deployment hostname
  • +
  • The production hostname and DNS records
  • +
+
Exit criteriaBoth nodes respond to health checks behind the load balancer, authentication flows complete successfully, and the deployment passes the deployment checklist.
+ +## Choose this path when + +- You need a resilient, production-grade deployment within a single region. +- You require high availability with automatic failover between nodes. +- Your users access WSO2 Identity Server from a single geographic region. + +## Key steps + +1. [Install WSO2 Identity Server]({{base_path}}/deploy/get-started/install) on each node. +2. [Set up external databases]({{base_path}}/deploy/set-up-separate-databases-for-clustering) for identity, shared, and consent data. +3. [Change the hostname]({{base_path}}/deploy/change-the-hostname) to your production hostname. +4. [Configure TLS]({{base_path}}/deploy/security/configure-transport-level-security) for transport-level security. +5. [Separate keystores]({{base_path}}/deploy/security/keystores/) for signing, encryption, and TLS. +6. [Configure clustering and the membership scheme]({{base_path}}/deploy/deployment-guide#clustering-related-configurations) (WKA, AWS EC2). +7. [Front with a load balancer]({{base_path}}/deploy/front-with-the-nginx-load-balancer) and enable sticky sessions. +8. [Apply security hardening]({{base_path}}/deploy/security/security-guidelines/) at product, OS, and network levels. +9. Verify the deployment against the [deployment checklist]({{base_path}}/deploy/deployment-checklist). + +## Next steps + +- To add geographic redundancy and disaster recovery, continue to [Path C: Production (multi-region, DR)]({{base_path}}/deploy/deployment-paths/production-dr). +- Review [day-2 operations]({{base_path}}/deploy/choose-your-deployment-path#after-you-complete-a-path) for performance tuning, monitoring, and backup recommendations. +- Return to [Start here and choose your deployment path]({{base_path}}/deploy/choose-your-deployment-path) to compare all paths. diff --git a/en/identity-server/next/mkdocs.yml b/en/identity-server/next/mkdocs.yml index 3b2c1361b1..d71ca80e9d 100644 --- a/en/identity-server/next/mkdocs.yml +++ b/en/identity-server/next/mkdocs.yml 
@@ -966,147 +966,154 @@ nav: - Build your own push authenticator app: references/tutorials/build-your-own-push-authenticator-app.md - Secure Agentic AI Systems with WSO2 Identity Server: tutorials/secure-agentic-ai-systems.md - Setup: - - Install: - - Install: deploy/get-started/install.md - - Run: deploy/get-started/run-the-product.md - - Get WSO2 updates: deploy/get-started/get-wso2-updates.md - - Configure: - - User Stores: - - User Stores: deploy/configure/user-stores/index.md - - Add high availability for LDAP: deploy/configure/user-stores/configure-high-availability-ldap.md - - Secure a JDBC user store with hashing: deploy/configure/user-stores/securing-a-user-store-with-hashing.md - - Configure the Authorization Manager: deploy/configure/user-stores/configure-authorization-manager.md - - Configure the System Administrator: deploy/configure/user-stores/configure-system-administrator.md - - Databases: - - Databases: deploy/configure/databases/index.md - - Change the Carbon Database: - - Change the Carbon Database: deploy/configure/databases/carbon-database/index.md - - Change to IBM DB2: deploy/configure/databases/carbon-database/change-to-ibm-db2.md - - Change to MariaDB: deploy/configure/databases/carbon-database/change-to-mariadb.md - - Change to MSSQL: deploy/configure/databases/carbon-database/change-to-mssql.md - - Change to MySQL: deploy/configure/databases/carbon-database/change-to-mysql.md - - Change to Oracle: deploy/configure/databases/carbon-database/change-to-oracle.md - - Change to Oracle RAC: deploy/configure/databases/carbon-database/change-to-oracle-rac.md - - Change to PostgreSQL: deploy/configure/databases/carbon-database/change-to-postgresql.md - - Change to remote H2: deploy/configure/databases/carbon-database/change-to-remote-h2.md - - Change the Default Datasource for Consent Management: deploy/configure/databases/carbon-database/change-datasource-consent-management.md - - Change the Default Datasource for Session Data: 
deploy/configure/databases/carbon-database/change-datasource-session.md - - Change the Default Datasources for the Registry Data: deploy/configure/databases/carbon-database/change-datasource-registry-data.md - - Change the Default Datasource for Agent Identities: deploy/configure/databases/carbon-database/change-datasource-agent-identity.md - - Data Dictionary: - - Registry Related Tables: deploy/configure/databases/data-dictionary/registry-related-tables.md - - User Management Related Tables: deploy/configure/databases/data-dictionary/user-management-related-tables.md - - Identity Related Tables: deploy/configure/databases/data-dictionary/identity-related-tables.md - - Service Provider Related Tables: deploy/configure/databases/data-dictionary/service-provider-related-tables.md - - Identity Provider Related Tables: deploy/configure/databases/data-dictionary/identity-provider-related-tables.md - - Data Purging: deploy/configure/databases/data-purging.md - - Remove References to Deleted User Identities: deploy/configure/databases/remove-references-to-deleted-user-identities.md - - Session persistence: deploy/configure/session-persistence.md - - Cross-Origin Resource Sharing (CORS): deploy/configure/configure-cors.md - - Clock tolerance: deploy/configure/clock-tolerance.md - - Cookie consent banner: deploy/configure/cookie-consent-banner.md - - Secure: - - Mitigate attacks: - - Mitigate attacks: deploy/mitigate-attacks/index.md - - Cross Site Request Forgery attacks: deploy/mitigate-attacks/mitigate-cross-site-request-forgery-attacks.md - - Authorization Code Interception attacks: deploy/mitigate-attacks/mitigate-authorization-code-interception-attacks.md - - Brute Force attacks: deploy/mitigate-attacks/mitigate-brute-force-attacks.md - - Replay attacks: deploy/mitigate-attacks/timestamp-in-ws-security-to-mitigate-replay-attacks.md - - SameSite attribute support: deploy/samesite-attribute-support.md - - Prevent browser caching: 
deploy/security/prevent-browser-caching.md - - Work with tokens: - - Add logs for tokens: deploy/add-logs-for-tokens.md - - Token persistence: deploy/token-persistence.md - - Remove unused tokens from the database: deploy/remove-unused-tokens-from-the-database.md - - Enable assertions in access tokens: deploy/enable-assertions-in-access-tokens.md - - Generate JWT tokens without revoking existing tokens: deploy/generate-jwt-tokens-without-revoking-existing-tokens.md - #- Configure rsync for Deployment Synchronization: deploy/configuring-rsync-for-deployment-synchronization.md - - Enable hostname verification: deploy/enable-hostname-verification.md - - Transport Level Security: - - Configure TLS: deploy/security/configure-transport-level-security.md - - Configure TLS termination: deploy/configure-tls-termination.md - - Configure post-quantum TLS: deploy/security/configure-post-quantum-tls.md - - Maintain logins and passwords: deploy/security/maintain-logins-and-passwords.md - - Configure Admin Advisory Banner: deploy/security/configure-admin-advisory-banner.md - - Secure passwords in configuration files: - - Encrypt passwords with Cipher Tool: deploy/security/encrypt-passwords-with-cipher-tool.md - - Resolve encrypted passwords: deploy/security/resolve-encrypted-passwords.md - - Customize secure vault: deploy/security/customize-secure-vault.md - - Set passwords using environment variables/system properties: deploy/security/set-passwords-using-environment-variables-or-system-properties.md - - Enable HTTP Strict Transport Security (HSTS) headers: deploy/security/enable-hsts.md - - Enable Java Security Manager: deploy/security/enable-java-security-manager.md - - Enable Mutual SSL: deploy/security/enable-mutual-ssl.md - - Enable FIPS 140-2-compliant mode: deploy/security/enable-fips-for-is.md - - Security guidelines: - - Security guidelines: deploy/security/security-guidelines/index.md - - Product-level: 
deploy/security/security-guidelines/product-level-security-guidelines.md - - OS-level: deploy/security/security-guidelines/os-level-security-guidelines.md - - Network-level: deploy/security/security-guidelines/network-level-security-guidelines.md - - Encryption: - - Symmetric encryption: - - Symmetric encryption: deploy/security/symmetric-encryption/index.md - - Asymmetric encryption: - - Asymmetric encryption: deploy/security/asymmetric-encryption/index.md - - Keystores: - - Keystores: deploy/security/keystores/index.md - - Create new keystores: deploy/security/keystores/create-new-keystores.md - - Manage keystores: deploy/security/keystores/configure-keystores.md - - Manage CA-Signed certificates in a keystore: deploy/security/keystores/manage-ca-signed-certificates-in-a-keystore.md - - Configure custom keystores for authentication protocols: deploy/security/keystores/configure-custom-keystores.md - - Clean up flow context: deploy/flow-context-cleanup.md - - Deploy: - - Deployment overview: - - Deployment Patterns: deploy/deployment-guide.md - - Deployment Checklist: deploy/deployment-checklist.md - - Product Compatibility: deploy/product-compatibility.md - - Change the Hostname: deploy/change-the-hostname.md - - Restrict public access to management operations: deploy/configure-console-hostname.md - - Promote Configurations Across Environments: deploy/promote-configurations.md - - High Availability (HA) and clustering: - - WSO2 Clusters with Nginx: deploy/front-with-the-nginx-load-balancer.md - - Databases for Clustering: deploy/set-up-separate-databases-for-clustering.md - - Configure Hazelcast: deploy/configure-hazelcast.md - - Containerized deployments: - - Kubernetes: deploy/deploy-is-on-kubernetes.md - - OpenShift: deploy/deploy-is-on-openshift.md - - Performance and scaling: - - Performance Tuning Recommendations: deploy/performance/performance-tuning-recommendations.md - - Configure Cache Layers: deploy/performance/configure-cache-layers.md - - Multi-data 
center deployments (Disaster Recovery): - - Understanding Disaster Recovery: deploy/disaster-recovery/understanding-disaster-recovery.md - - Deployment Patterns: deploy/disaster-recovery/disaster-recovery-deployment-patterns.md - - Additional Reading: deploy/disaster-recovery/additional-reading-on-disaster-recovery.md - - Maintenance and troubleshooting in Production: - - Backup and Recovery Recommendations: deploy/backup-and-recovery-recommendations.md - - Troubleshoot in Production Environments: deploy/monitor/troubleshoot-in-production-environments.md - - Compliance: - - Compliance: deploy/compliance/index.md - - GDPR: deploy/compliance/gdpr.md - - CCPA: deploy/compliance/ccpa.md - - FIPS: deploy/compliance/fips.md - - FAPI: deploy/compliance/fapi.md - - Accessibility compliance: deploy/compliance/accessibility.md - - Analytics: - - Configure ELK analytics: deploy/elk-analytics-installation-guide.md - - Configure SSO with ELK analytics: deploy/elk-analytics-sso-guide.md - - Configure ELK alerts: deploy/elk-configuring-alerts.md - - Configure ELK analytics for adaptive authentication: deploy/elk-analytics-for-adaptive-authentication.md - - Monitor: - - Monitor: deploy/monitor/index.md - - Monitor logs: - - Overview: deploy/monitor/monitor-logs.md - - HTTP access logs: deploy/monitor/http-access-logging.md - - OAuth transaction logs: deploy/monitor/oauth-transaction-logs.md - - Remote log publishing: deploy/monitor/remote-log-publishing.md - - Mask sensitive info: - - Overview: deploy/monitor/mask-sensitive-information-in-logs.md - - Log masking with Filebeat: deploy/monitor/elk-mask-sensitive-information-in-logs.md - - Log masking with Log4j: deploy/monitor/log4j-mask-sensitive-information-in-logs.md - - Log claims in audit logs: deploy/monitor/log-claims-in-audit-logs.md - - Monitor server health: deploy/monitor/monitor-server-health.md - - JMX-Based Monitoring: deploy/monitor/jmx-based-monitoring.md - - Work with product observability: 
deploy/monitor/work-with-product-observability.md - - Upgrade WSO2 Identity Server: deploy/upgrade/upgrade-wso2-is.md + - Choose your deployment path: deploy/choose-your-deployment-path.md + - Deployment paths: + - "Path A: Evaluation (single node)": deploy/deployment-paths/evaluation.md + - "Path B: Production (single region, HA)": deploy/deployment-paths/production-ha.md + - "Path C: Production (multi-region, DR)": deploy/deployment-paths/production-dr.md + - "Path D: Container platforms (Kubernetes and OpenShift)": deploy/deployment-paths/containers.md + - Detailed resources: + - Install: + - Install: deploy/get-started/install.md + - Run: deploy/get-started/run-the-product.md + - Get WSO2 updates: deploy/get-started/get-wso2-updates.md + - Configure: + - User Stores: + - User Stores: deploy/configure/user-stores/index.md + - Add high availability for LDAP: deploy/configure/user-stores/configure-high-availability-ldap.md + - Secure a JDBC user store with hashing: deploy/configure/user-stores/securing-a-user-store-with-hashing.md + - Configure the Authorization Manager: deploy/configure/user-stores/configure-authorization-manager.md + - Configure the System Administrator: deploy/configure/user-stores/configure-system-administrator.md + - Databases: + - Databases: deploy/configure/databases/index.md + - Change the Carbon Database: + - Change the Carbon Database: deploy/configure/databases/carbon-database/index.md + - Change to IBM DB2: deploy/configure/databases/carbon-database/change-to-ibm-db2.md + - Change to MariaDB: deploy/configure/databases/carbon-database/change-to-mariadb.md + - Change to MSSQL: deploy/configure/databases/carbon-database/change-to-mssql.md + - Change to MySQL: deploy/configure/databases/carbon-database/change-to-mysql.md + - Change to Oracle: deploy/configure/databases/carbon-database/change-to-oracle.md + - Change to Oracle RAC: deploy/configure/databases/carbon-database/change-to-oracle-rac.md + - Change to PostgreSQL: 
deploy/configure/databases/carbon-database/change-to-postgresql.md + - Change to remote H2: deploy/configure/databases/carbon-database/change-to-remote-h2.md + - Change the Default Datasource for Consent Management: deploy/configure/databases/carbon-database/change-datasource-consent-management.md + - Change the Default Datasource for Session Data: deploy/configure/databases/carbon-database/change-datasource-session.md + - Change the Default Datasources for the Registry Data: deploy/configure/databases/carbon-database/change-datasource-registry-data.md + - Change the Default Datasource for Agent Identities: deploy/configure/databases/carbon-database/change-datasource-agent-identity.md + - Data Dictionary: + - Registry Related Tables: deploy/configure/databases/data-dictionary/registry-related-tables.md + - User Management Related Tables: deploy/configure/databases/data-dictionary/user-management-related-tables.md + - Identity Related Tables: deploy/configure/databases/data-dictionary/identity-related-tables.md + - Service Provider Related Tables: deploy/configure/databases/data-dictionary/service-provider-related-tables.md + - Identity Provider Related Tables: deploy/configure/databases/data-dictionary/identity-provider-related-tables.md + - Data Purging: deploy/configure/databases/data-purging.md + - Remove References to Deleted User Identities: deploy/configure/databases/remove-references-to-deleted-user-identities.md + - Session persistence: deploy/configure/session-persistence.md + - Cross-Origin Resource Sharing (CORS): deploy/configure/configure-cors.md + - Clock tolerance: deploy/configure/clock-tolerance.md + - Cookie consent banner: deploy/configure/cookie-consent-banner.md + - Secure: + - Mitigate attacks: + - Mitigate attacks: deploy/mitigate-attacks/index.md + - Cross Site Request Forgery attacks: deploy/mitigate-attacks/mitigate-cross-site-request-forgery-attacks.md + - Authorization Code Interception attacks: 
deploy/mitigate-attacks/mitigate-authorization-code-interception-attacks.md + - Brute Force attacks: deploy/mitigate-attacks/mitigate-brute-force-attacks.md + - Replay attacks: deploy/mitigate-attacks/timestamp-in-ws-security-to-mitigate-replay-attacks.md + - SameSite attribute support: deploy/samesite-attribute-support.md + - Prevent browser caching: deploy/security/prevent-browser-caching.md + - Work with tokens: + - Add logs for tokens: deploy/add-logs-for-tokens.md + - Token persistence: deploy/token-persistence.md + - Remove unused tokens from the database: deploy/remove-unused-tokens-from-the-database.md + - Enable assertions in access tokens: deploy/enable-assertions-in-access-tokens.md + - Generate JWT tokens without revoking existing tokens: deploy/generate-jwt-tokens-without-revoking-existing-tokens.md + #- Configure rsync for Deployment Synchronization: deploy/configuring-rsync-for-deployment-synchronization.md + - Enable hostname verification: deploy/enable-hostname-verification.md + - Transport Level Security: + - Configure TLS: deploy/security/configure-transport-level-security.md + - Configure TLS termination: deploy/configure-tls-termination.md + - Configure post-quantum TLS: deploy/security/configure-post-quantum-tls.md + - Maintain logins and passwords: deploy/security/maintain-logins-and-passwords.md + - Configure Admin Advisory Banner: deploy/security/configure-admin-advisory-banner.md + - Secure passwords in configuration files: + - Encrypt passwords with Cipher Tool: deploy/security/encrypt-passwords-with-cipher-tool.md + - Resolve encrypted passwords: deploy/security/resolve-encrypted-passwords.md + - Customize secure vault: deploy/security/customize-secure-vault.md + - Set passwords using environment variables/system properties: deploy/security/set-passwords-using-environment-variables-or-system-properties.md + - Enable HTTP Strict Transport Security (HSTS) headers: deploy/security/enable-hsts.md + - Enable Java Security Manager: 
deploy/security/enable-java-security-manager.md + - Enable Mutual SSL: deploy/security/enable-mutual-ssl.md + - Enable FIPS 140-2-compliant mode: deploy/security/enable-fips-for-is.md + - Security guidelines: + - Security guidelines: deploy/security/security-guidelines/index.md + - Product-level: deploy/security/security-guidelines/product-level-security-guidelines.md + - OS-level: deploy/security/security-guidelines/os-level-security-guidelines.md + - Network-level: deploy/security/security-guidelines/network-level-security-guidelines.md + - Encryption: + - Symmetric encryption: + - Symmetric encryption: deploy/security/symmetric-encryption/index.md + - Asymmetric encryption: + - Asymmetric encryption: deploy/security/asymmetric-encryption/index.md + - Keystores: + - Keystores: deploy/security/keystores/index.md + - Create new keystores: deploy/security/keystores/create-new-keystores.md + - Manage keystores: deploy/security/keystores/configure-keystores.md + - Manage CA-Signed certificates in a keystore: deploy/security/keystores/manage-ca-signed-certificates-in-a-keystore.md + - Configure custom keystores for authentication protocols: deploy/security/keystores/configure-custom-keystores.md + - Clean up flow context: deploy/flow-context-cleanup.md + - Deploy: + - Deployment overview: + - Deployment Patterns: deploy/deployment-guide.md + - Deployment Checklist: deploy/deployment-checklist.md + - Product Compatibility: deploy/product-compatibility.md + - Change the Hostname: deploy/change-the-hostname.md + - Restrict public access to management operations: deploy/configure-console-hostname.md + - Promote Configurations Across Environments: deploy/promote-configurations.md + - High Availability (HA) and clustering: + - WSO2 Clusters with Nginx: deploy/front-with-the-nginx-load-balancer.md + - Databases for Clustering: deploy/set-up-separate-databases-for-clustering.md + - Configure Hazelcast: deploy/configure-hazelcast.md + - Containerized deployments: + - 
Kubernetes: deploy/deploy-is-on-kubernetes.md + - OpenShift: deploy/deploy-is-on-openshift.md + - Performance and scaling: + - Performance Tuning Recommendations: deploy/performance/performance-tuning-recommendations.md + - Configure Cache Layers: deploy/performance/configure-cache-layers.md + - Multi-data center deployments (Disaster Recovery): + - Understanding Disaster Recovery: deploy/disaster-recovery/understanding-disaster-recovery.md + - Deployment Patterns: deploy/disaster-recovery/disaster-recovery-deployment-patterns.md + - Additional Reading: deploy/disaster-recovery/additional-reading-on-disaster-recovery.md + - Maintenance and troubleshooting in Production: + - Backup and Recovery Recommendations: deploy/backup-and-recovery-recommendations.md + - Troubleshoot in Production Environments: deploy/monitor/troubleshoot-in-production-environments.md + - Compliance: + - Compliance: deploy/compliance/index.md + - GDPR: deploy/compliance/gdpr.md + - CCPA: deploy/compliance/ccpa.md + - FIPS: deploy/compliance/fips.md + - FAPI: deploy/compliance/fapi.md + - Accessibility compliance: deploy/compliance/accessibility.md + - Analytics: + - Configure ELK analytics: deploy/elk-analytics-installation-guide.md + - Configure SSO with ELK analytics: deploy/elk-analytics-sso-guide.md + - Configure ELK alerts: deploy/elk-configuring-alerts.md + - Configure ELK analytics for adaptive authentication: deploy/elk-analytics-for-adaptive-authentication.md + - Monitor: + - Monitor: deploy/monitor/index.md + - Monitor logs: + - Overview: deploy/monitor/monitor-logs.md + - HTTP access logs: deploy/monitor/http-access-logging.md + - OAuth transaction logs: deploy/monitor/oauth-transaction-logs.md + - Remote log publishing: deploy/monitor/remote-log-publishing.md + - Mask sensitive info: + - Overview: deploy/monitor/mask-sensitive-information-in-logs.md + - Log masking with Filebeat: deploy/monitor/elk-mask-sensitive-information-in-logs.md + - Log masking with Log4j: 
deploy/monitor/log4j-mask-sensitive-information-in-logs.md + - Log claims in audit logs: deploy/monitor/log-claims-in-audit-logs.md + - Monitor server health: deploy/monitor/monitor-server-health.md + - JMX-Based Monitoring: deploy/monitor/jmx-based-monitoring.md + - Work with product observability: deploy/monitor/work-with-product-observability.md + - Upgrade WSO2 Identity Server: deploy/upgrade/upgrade-wso2-is.md - SDKs: - Integrate WSO2 IS into your application: integrations/index.md - SDK Documentation:
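Review bot: The added entry `#- Configure rsync for Deployment Synchronization: deploy/configuring-rsync-for-deployment-synchronization.md`, between "Generate JWT tokens without revoking existing tokens" and "Enable hostname verification", goes in as a commented-out line. Either drop it or add it as a live nav entry. A commented path in new nav content leaves readers and later editors guessing whether that page is still meant to be published. Two smaller points in the same added block: the label "Deployment Patterns" is used for two different targets (`deploy/deployment-guide.md` and `deploy/disaster-recovery/disaster-recovery-deployment-patterns.md`), so the disaster-recovery entry would be easier to tell apart in search and breadcrumbs with a distinct label. Label casing is also mixed ("Session persistence", "Clock tolerance" next to "Data Purging", "Deployment Checklist"), so pick one convention for the entries this change adds.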