This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Customizing Authentication Error Messages

The Identity Server has standard error messages for different authentication errors that are encountered. See Error Codes and Descriptions for more information on the standard error codes and descriptions of those errors. There are three types of custom errors handled here:

  • Invalid credentials
  • Invalid User
  • Account Lock

Note: Account Lock errors are returned only when account locking is enabled in the server.

Do the following to customize these error messages.

Enable the following parameter in the <IS_HOME>/repository/conf/identity/application-authentication.xml file if you need customized error messages.

<AuthenticatorConfig name="BasicAuthenticator" enabled="true"> 
	<Parameter name="showAuthFailureReason">true</Parameter>
</AuthenticatorConfig>

We send the following query parameters to the authentication endpoint web application and you can customize the error messages according to 'errorCode'.

  • errorCode
  • failedUsername
  • remainingAttempts