diff --git a/src/main/java/org/codelibs/fess/sso/SsoManager.java b/src/main/java/org/codelibs/fess/sso/SsoManager.java
index f4af768d4..ea8e5f6dd 100644
--- a/src/main/java/org/codelibs/fess/sso/SsoManager.java
+++ b/src/main/java/org/codelibs/fess/sso/SsoManager.java
@@ -33,7 +33,11 @@ public class SsoManager {
 protected final List authenticatorList = new ArrayList<>();
 public boolean available() {
- return !NONE.equals(getSsoType());
+ final String ssoType = getSsoType();
+ if (logger.isDebugEnabled()) {
+ logger.debug("sso.type: {}", ssoType);
+ }
+ return !NONE.equals(ssoType);
 }
 public LoginCredential getLoginCredential() {
diff --git a/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java b/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java
index 3d166e9a1..1cba72624 100644
--- a/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java
+++ b/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java
@@ -123,6 +123,9 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
 @Override
 public LoginCredential getLoginCredential() {
 return LaRequestUtil.getOptionalRequest().map(request -> {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Logging in with Azure AD Authenticator");
+ }
 final HttpSession session = request.getSession(false);
 if (session != null && containsAuthenticationData(request)) {
 try {
@@ -336,10 +339,16 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
 }
 protected boolean containsAuthenticationData(final HttpServletRequest request) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("HTTP Method: {}", request.getMethod());
+ }
 if (!request.getMethod().equalsIgnoreCase("POST")) {
 return false;
 }
 final Map params = request.getParameterMap();
+ if (logger.isDebugEnabled()) {
+ logger.debug("params: {}", params);
+ }
 return params.containsKey(ERROR) || params.containsKey(ID_TOKEN) || params.containsKey(CODE);
 }
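Review bot: In `containsAuthenticationData`, `logger.debug("params: {}", params)` writes the whole parameter map of every POST that reaches this method to the log, before the check for `ERROR`, `ID_TOKEN` or `CODE` on the following line. `getParameterMap()` returns `String[]` values, so depending on how the logging backend renders them the entry either carries the ID token and authorization code of a sign-in callback (and any other posted form field) or prints array identities that tell an operator nothing. The key names are enough to explain the method's result: `logger.debug("params: {}", params.keySet());`. Debug logs are commonly shipped to shared stores with looser access than the session store, so token values should stay out of them.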
diff --git a/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java b/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
index e1d3f1ab4..79ed0ee36 100644
--- a/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
+++ b/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
@@ -84,6 +84,9 @@ public class OpenIdConnectAuthenticator implements SsoAuthenticator {
 @Override
 public LoginCredential getLoginCredential() {
 return LaRequestUtil.getOptionalRequest().map(request -> {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Logging in with OpenID Connect Authenticator");
+ }
 final HttpSession session = request.getSession(false);
 if (session != null) {
 final String sesState = (String) session.getAttribute(OIC_STATE);
@@ -91,12 +94,12 @@ public class OpenIdConnectAuthenticator implements SsoAuthenticator {
 session.removeAttribute(OIC_STATE);
 final String code = request.getParameter("code");
 final String reqState = request.getParameter("state");
+ if (logger.isDebugEnabled()) {
+ logger.debug("code: {}, state(request): {}, state(session): {}", code, reqState, sesState);
+ }
 if (sesState.equals(reqState) && StringUtil.isNotBlank(code)) {
 return processCallback(request, code);
 }
- if (logger.isDebugEnabled()) {
- logger.debug("code:" + code + " state(request):" + reqState + " state(session):" + sesState);
- }
 return null;
 }
 }
@@ -126,9 +129,9 @@ public class OpenIdConnectAuthenticator implements SsoAuthenticator {
 final String jwtSigniture = new String(Base64.decodeBase64(jwt[2]), Constants.UTF_8_CHARSET);
 if (logger.isDebugEnabled()) {
- logger.debug("jwtHeader: " + jwtHeader);
- logger.debug("jwtClaim: " + jwtClaim);
- logger.debug("jwtSigniture: " + jwtSigniture);
+ logger.debug("jwtHeader: {}", jwtHeader);
+ logger.debug("jwtClaim: {}", jwtClaim);
+ logger.debug("jwtSigniture: {}", jwtSigniture);
 }
 // TODO validate signiture
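Review bot: The debug line in the `@@ -91,12 +94,12 @@` hunk now runs before the `sesState.equals(reqState)` check, so the authorization code and both state values are logged on every callback, including successful ones where the code has not yet been redeemed by `processCallback`; before this change they were logged only after a rejection. Logging whether a code is present and whether the states match keeps the diagnostic value without the secret: `logger.debug("code present: {}, state match: {}", StringUtil.isNotBlank(code), sesState.equals(reqState));`. `code` and `state` are also request-controlled text, so if the values stay in the message the log layout should encode line breaks. The `attribute: {}` line added in the `@@ -142,6 +145,9 @@` hunk of this file has the same exposure: it dumps the map that holds `jwtclaim` and `jwtsign` (already logged a few lines earlier) together with whatever was stored in it before the hunk starts.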
@@ -142,6 +145,9 @@ public class OpenIdConnectAuthenticator implements SsoAuthenticator {
 attributes.put("jwtclaim", jwtClaim);
 attributes.put("jwtsign", jwtSigniture);
+ if (logger.isDebugEnabled()) {
+ logger.debug("attribute: {}", attributes);
+ }
 parseJwtClaim(jwtClaim, attributes);
 return new OpenIdConnectCredential(attributes);
diff --git a/src/main/java/org/codelibs/fess/sso/spnego/SpnegoAuthenticator.java b/src/main/java/org/codelibs/fess/sso/spnego/SpnegoAuthenticator.java
index 48c613d8c..44acbf8d4 100644
--- a/src/main/java/org/codelibs/fess/sso/spnego/SpnegoAuthenticator.java
+++ b/src/main/java/org/codelibs/fess/sso/spnego/SpnegoAuthenticator.java
@@ -16,6 +16,7 @@
 package org.codelibs.fess.sso.spnego;
 import java.io.File;
+import java.util.Arrays;
 import java.util.Enumeration;
 import javax.annotation.PostConstruct;
@@ -102,6 +103,9 @@ public class SpnegoAuthenticator implements SsoAuthenticator {
 return LaRequestUtil
 .getOptionalRequest()
 .map(request -> {
+ if (logger.isDebugEnabled()) {
+ logger.debug("Logging in with SPNEGO Authenticator");
+ }
 final HttpServletResponse response = LaResponseUtil.getResponse();
 final SpnegoHttpServletResponse spnegoResponse = new SpnegoHttpServletResponse(response);
@@ -109,6 +113,9 @@ public class SpnegoAuthenticator implements SsoAuthenticator {
 final SpnegoPrincipal principal;
 try {
 principal = getAuthenticator().authenticate(request, spnegoResponse);
+ if (logger.isDebugEnabled()) {
+ logger.debug("principal: {}", principal);
+ }
 } catch (final Exception e) {
 final String msg = "HTTP Authorization Header=" + request.getHeader(Constants.AUTHZ_HEADER);
 if (logger.isDebugEnabled()) {
@@ -118,7 +125,11 @@ public class SpnegoAuthenticator implements SsoAuthenticator { } // context/auth loop not yet complete - if (spnegoResponse.isStatusSet()) { + final boolean status = spnegoResponse.isStatusSet(); + if (logger.isDebugEnabled()) { + logger.debug("isStatusSet: {}", status); + } + if (status) { return new ActionResponseCredential(() -> { throw new RequestLoggingFilter.RequestClientErrorException("Your request is not authorized.", "401 Unauthorized", HttpServletResponse.SC_UNAUTHORIZED); @@ -139,6 +150,9 @@ public class SpnegoAuthenticator implements SsoAuthenticator { } final String[] username = principal.getName().split("@", 2); + if (logger.isDebugEnabled()) { + logger.debug("username: {}", Arrays.toString(username)); + } return new SpnegoCredential(username[0]); }).orElseGet(() -> null);