In Access Gateway there is a Session Assurance application log stored by default in the following location:
Note that this log will not be generated until the first request is performed.
You can edit the following file to define the desired log levels for each component:
The following values are the valid log levels available, ordered from less to more verbosity:
INFO (which is the default value)
Also, you can enable audit logs in the Policy Server to get more information on the authentication and authorization activity related to Session Assurance.