This documentation is for WSO2 Identity Server 5.5.0 . View documentation for the latest release.

All docs This doc
Skip to end of metadata
Go to start of metadata

The UserManagementErrorEventListener (i.e. org.wso2.carbon.user.core.listener.UserManagementErrorEventListener) is a new type of event listener that facilitates additional activities in the event of failures when executing user management scenarios or operations. The relevant caller class for this listener is org.wso2.carbon.user.core.common.AbstractUserManagementErrorListener. This type of event listener is similar to the UserOperation Listeners. The registered event listeners of this type are called when there is a failure while doing user management related tasks.


The getExecutionOrderId method returns the order ID of the relevant listener. Additionally, the following methods are exposed by this interface in order to support additional activities in an event of failure.

  • onAuthenticateFailure
  • onAddUserFailure
  • onUpdateCredentialFailure
  • onUpdateCredentialByAdminFailure
  • onDeleteUserFailure
  • onSetUserClaimValueFailure
  • onSetUserClaimValuesFailure
  • onDeleteUserClaimValuesFailure
  • onDeleteUserClaimValueFailure
  • onAddRoleFailure
  • onDeleteRoleFailure
  • onUpdateRoleNameFailure
  • onUpdateUserListOfRoleFailure
  • onUpdateRoleListOfUserFailure
  • onGetUserClaimValueFailure
  • onGetUserClaimValuesFailure
  • onUpdatePermissionsOfRoleFailure
  • onGetUserListFailure

Note: In order to return the order ID of a custom listener, you must override the getExecutionOrderId method. Specify a value greater than 0 for the custom listener as the order ID '0' is reserved for the default listener of WSO2 Identity Server.

For more information about the purpose of each method, see the java docs.

Enabling the audit logger

The UserManagementAuditLogger is responsible for adding audit logs during the execution of successful user management scenarios, and the UserMgtFailureAuditLogger handles the audit logs during the failure scenarios. Follow the instructions below to enable the improved audit logger introduced with the WUM update. 

  1. Update your WSO2 Identity Server pack using WSO2 Update Manager (WUM).
    For more information on how to do this, see Getting Started with WUM in the WSO2 Administration Guide. 
  2. Open the identity.xml file found in the <IS_HOME>/repository/conf/identity folder and add the following properties under the <EventListeners> tag.

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                           orderId="1" enable="true"/>
    <EventListener type="org.wso2.carbon.user.core.listener.UserManagementErrorEventListener"
                           orderId="0" enable="true"/>
  3. Disable the old audit logger to avoid getting duplicate audit logs during success scenarios.
    To do this, open the identity.xml file found in the <IS_HOME>/repository/conf/identity folder and add the following properties under the <EventListeners> tag.

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                           orderId="0" enable="false"/>
  4. Start the WSO2 Identity Server. 

    Note: Note that the format of the audit logs has been changed in the new audit logger as seen below.

    Old format of audit logs
    Initiator : admin@carbon.super | Action : Add User | Target : abcde | Data : { Roles : } | Result : Success  
    New format of audit logs
    Initiator=admin@carbon.super Action=Add-User Target=abcde1 Data={"Claims":{"urn:scim:schemas:core:1.0:userName":"abcde1","urn:scim:schemas:core:1.0:id":"07d75008-41ba-4659-b870-146d35cd504a","urn:scim:schemas:core:1.0:meta.lastModified":"2018-04-05T15:05:10","urn:scim:schemas:core:1.0:meta.created":"2018-04-05T15:05:10"}} Outcome=Success
  • No labels