you should put level to TRACE not just DEBUG
also enable trace for org.jboss.security and org.jboss.as.security if you are debugging auth problems.
Thanks, that seems to work. However it seems there is very little trace coming from the management interface after the server is started, so I will keep looking.
Trying to TRACE on org.jboss.as.management as well.