There is this particular FAQ that caught my attention.
Q: My container log file is filling up with messages from OpenAM's OAuth authorization service and OpenID Connect provider. What can I do to prevent all these messages from being logged?
I shall paste the answer shamelessly from the OpenAM documentation.
This behavior is governed by the log settings for RESTlet, which is used by OpenAM for OAuth 2.0 and OpenID Connect 1.0. Use log configuration settings to turn off logging from RESTlet.
For example, if your container is Apache Tomcat, follow these steps.
1. Stop Tomcat.
2. Edit the Tomcat settings script, catalina.sh or catalina.bat, to use the logging configuration file.
For example, in /path/to/tomcat/bin/catalina.sh, uncomment the following line, and then save your work:
3. In $CATALINA_BASE/conf/logging.properties, add the following line, and then save your work:
4. Start Tomcat.
I have seen these logs in catalina.out in my customer's Tomcat servers, but did not find the time to find out why they appear there. This solves the mystery. :)