diff --git a/mellon/adapters.py b/mellon/adapters.py
index 9b83bb3..f4c089b 100644
--- a/mellon/adapters.py
+++ b/mellon/adapters.py
@@ -268,6 +268,11 @@ class DefaultAdapter:
 if required_classref:
 given_classref = saml_attributes['authn_context_class_ref']
 if given_classref is None or given_classref not in required_classref:
+ logger.info(
+ 'mellon: refused login because of authn_classref mismatch (%r vs %s)',
+ given_classref,
+ required_classref,
+ )
 raise PermissionDenied
 return True
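Review bot: The added `logger.info(...)` call records the two class-ref values but not which IdP or which subject was refused, so the entry is hard to correlate with other authentication logs during triage; the enclosing method's signature is outside the hunk, but if those values are in scope there they belong in the message. A refused login is an access-control decision, and at `info` level it can be dropped by a production logging configuration, so `logger.warning(` is the more usual level for it. Using `%r` for `given_classref` is the right choice because that value comes from the SAML assertion and `%r` keeps control characters escaped in the log; a short comment such as `# %r: value is IdP-supplied, keep it escaped in logs` would stop it being changed to `%s` later.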