In case when authenticator.authenticate() in authenticate() method of org.wildfly.elytron.web.undertow.server.SecurityContextImpl [1] throws exception, then this exception is hidden and only internal server error status is returned. Thrown exception should be logged.

This issue can be cause of JBEAP-9377.

[1] https://github.com/wildfly-security/elytron-web/blob/49241df4afcc37158c54959fd52b8b5b619f2209/undertow/src/main/java/org/wildfly/elytron/web/undertow/server/SecurityContextImpl.java#L97