• When use "Require Windows Integrated Authentication Credentials" Assertion along with the Authorization Context Variables  "kerberos.data.authorizations.0.pac.logoninfo.user.name" to extract the user name from the kerberos ticket, it's empty.
• After enable kerberos debug, it shows,

         STDOUT: >>> KrbApReq: authenticate succeed.

• No other error in ssg log.
• After change the log level to FINE, it shows following error,

         "Unable to extract kerberos authorization data from the kerberos ticket: Malformed PAC logon info."


To enable kerberos debug, refer to,
Enable Kerberos debug on CA APIM layer7 gateway

To change log level, refer to product document, (change both log.level cluster-wide property, and the threshold of the ssg log sink)
Gateway Logging Levels and Thresholds

Release : All supported gateway versions

Component : Integration with APM

Malformed PAC logon info on new KerberosToken

Enable Kerberos debug on CA APIM layer7 gateway