This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Logging Claims in Audit Logs
This feature lets you specify which claims are logged in the audit logs.
To use this feature, apply the 3963 WUM update for WSO2 IS 5.3.0 using the WSO2 Update Manager (WUM).
To deploy a WUM update into production, you need to have a paid subscription. If you do not have a paid subscription, you can use this feature with the next version of WSO2 Identity Server when it is released. For more information on updating WSO2 Identity Server using WUM, see Getting Started with WUM in the WSO2 Administration Guide.
Follow the steps given below in order to configure this feature.
Make the following changes in the identity.xml file in <CARBON_HOME>/repository/conf/identity to enable the audit logger.
Add the following entry within <EventListeners> to enable the listener.

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.user.mgt.listeners.UserClaimsAuditLogger" orderId="9" enable="true"/>
Before the </Server> element, add the following entry to define the claims that should be logged into the audit log.

    <LoggableUserClaims>
        <LoggableUserClaim>http://wso2.org/claims/identity/accountLocked</LoggableUserClaim>
        <LoggableUserClaim>http://wso2.org/claims/role</LoggableUserClaim>
    </LoggableUserClaims>
In the above configuration, you can define any claim available in the http://wso2.org/claims dialect as a LoggableUserClaim. The accountLocked and role claims have been used here only as examples.

On making the above mentioned changes, claims will be logged into the audit.log file in <IS_HOME>/repository/log.
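
A check for the two identity.xml entries described above, added here as an example (not WSO2 code): it confirms the listener is enabled, that <LoggableUserClaims> sits directly under <Server>, and that every claim is in the http://wso2.org/claims dialect. The function names and the sample XML are constructed for illustration, and the xmlns value in the sample is an assumption.

```python
import xml.etree.ElementTree as ET

LISTENER = "org.wso2.carbon.user.mgt.listeners.UserClaimsAuditLogger"
DIALECT = "http://wso2.org/claims/"

# Constructed sample holding only the relevant parts of identity.xml.
SAMPLE = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <EventListeners>
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
        name="org.wso2.carbon.user.mgt.listeners.UserClaimsAuditLogger" orderId="9" enable="true"/>
  </EventListeners>
  <LoggableUserClaims>
    <LoggableUserClaim>http://wso2.org/claims/identity/accountLocked</LoggableUserClaim>
    <LoggableUserClaim>http://wso2.org/claims/role</LoggableUserClaim>
  </LoggableUserClaims>
</Server>"""

def local(tag):
    """Drop an XML namespace prefix such as '{uri}Server'."""
    return tag.rsplit("}", 1)[-1]

def check_claim_audit_config(xml_text):
    """Return (problems, claims) for the claim audit settings in identity.xml."""
    root = ET.fromstring(xml_text)
    problems, claims = [], []
    if local(root.tag) != "Server":
        problems.append("root element is not <Server>")
    listeners = [el for parent in root if local(parent.tag) == "EventListeners"
                 for el in parent if el.get("name") == LISTENER]
    if not listeners:
        problems.append("UserClaimsAuditLogger is not listed under <EventListeners>")
    elif not any(el.get("enable", "").strip().lower() == "true" for el in listeners):
        problems.append("UserClaimsAuditLogger is present but enable is not 'true'")
    blocks = [el for el in root if local(el.tag) == "LoggableUserClaims"]
    if not blocks:
        problems.append("<LoggableUserClaims> is not a direct child of <Server>")
    for block in blocks:
        for el in block:
            uri = (el.text or "").strip()
            if local(el.tag) != "LoggableUserClaim" or not uri:
                problems.append("unexpected or empty entry in <LoggableUserClaims>")
            elif not uri.startswith(DIALECT):
                problems.append(f"claim outside the {DIALECT} dialect: {uri}")
            else:
                claims.append(uri)
    return problems, claims

if __name__ == "__main__":
    print(check_claim_audit_config(SAMPLE))
```

To check a deployed server, pass the text of <CARBON_HOME>/repository/conf/identity/identity.xml to check_claim_audit_config instead of SAMPLE; an empty problems list means both entries are in place.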