We need this information for an audit

LDAP is not being used, so that should mean the mainframe is handling the authentication.  Does the Web Viewer product use the "Basic" HTTP authentication scheme (as defined in RFC 7617)?

If so, is this only for initial communication and a token is used for the rest of the life of the session?

Web Viewer 12.1

View 14.0

Web Viewer 12.1 does use mainframe credentials for the initial Web Viewer logon to DRAS (even for LDAP), and then again when the users request any View repository. For the HTTP communication Tomcat is handling all of the authentication to get to the logon screen, so RFC 7617 is not being used.