org.apache.catalina.realm.RealmBase.authenticate(GSSContext, boolean) does not log when an incomplete GSS context is passed, it simply returns null. Given that an authenticator is incorrectly implemented, this would be unnnoticed. Many resources on the net never care about context completion and think pass token and this is it.
Created attachment 34465 [details] Log incomplete context
Thanks for the report and the patch. Fixed in: - trunk for 9.0.0.M14 onwards - 8.5.x for 8.5.9 onwards - 8.0.x for 8.0.40 onwards - 7.0.x for 7.0.74 onwards