From a546d5aec1ae4cf853d5cb8d078f0eda8f0cb476 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johannes=20Fred=C3=A9n?=
 <109296772+jfreden@users.noreply.github.com>
Date: Mon, 17 Feb 2025 16:11:22 +0100
Subject: [PATCH] Improve jwt logging on failed auth (#122247)

Update docs/changelog/122247.yaml
---
 docs/changelog/122247.yaml                                   | 5 +++++
 .../org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java | 4 +---
 2 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 docs/changelog/122247.yaml

diff --git a/docs/changelog/122247.yaml b/docs/changelog/122247.yaml
new file mode 100644
index 0000000000000..95c02a6f19fb3
--- /dev/null
+++ b/docs/changelog/122247.yaml
@@ -0,0 +1,5 @@
+pr: 122247
+summary: Improve jwt logging on failed auth
+area: Authentication
+type: bug
+issues: []
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java
index 7613e7b3972af..bc157536434f4 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/jwt/JwtRealm.java
@@ -263,12 +263,10 @@ public void authenticate(final AuthenticationToken authenticationToken, final Ac
                     + tokenPrincipal
                     + "] with header ["
                     + jwtAuthenticationToken.getSignedJWT().getHeader()
-                    + "] and claimSet ["
-                    + jwtAuthenticationToken.getJWTClaimsSet()
                     + "]";
 
                 if (logger.isTraceEnabled()) {
-                    logger.trace(msg, ex);
+                    logger.trace(msg + " and claimSet [" + jwtAuthenticationToken.getJWTClaimsSet() + "]", ex);
                 } else {
                     logger.debug(msg + " Cause: " + ex.getMessage()); // only log the stack trace at trace level
                 }