Task
Resolution: Done
Critical
I need to review if this is feasible, but there are a number of reports coming in where end users believe their server is not secured because our local / silent mechanism is working so quietly.
Initially this issue was to just output the authentication mechanism used; however, with the addition of access control to WildFly 8 there is additional information that will be useful:
- Authentication Mechanism
- Current role membership (may need to take into account the address, i.e. what roles do I have at this address)
- Additional items that may be used in an authorization decision? e.g. Confidential connection, time, address of client (verify a local connection does appear local)
Anything else that is included in the audit?
Could some of these attributes in a response be considered sensitive? Return everything except the sensitive ones.