There has been added SSO trace logging in Undertow in this Jira. It is just fine but I think that such log messages should use Undertow's SECURITY_LOGGER as they relate to security. When user enables such logger, he/she should see all security related problems in undertow on one place. Also another advantage might be that now one has to raise log level of root-logger to TRACE, to see those messages.