diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index 9a9740b7bccc4..84b6ccf5b77e9 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -275,7 +275,8 @@ public function __construct(string $appName, array $urlParams = [], ServerContai
 $c->get(IControllerMethodReflector::class),
 $c->get(ISession::class),
 $c->get(IUserSession::class),
- $c->get(ITimeFactory::class)
+ $c->get(ITimeFactory::class),
+ $c->get(LoggerInterface::class),
 )
 );
 $dispatcher->registerMiddleware(
diff --git a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
index a72a7a4001623..2eebd75aa85f5 100644
--- a/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
@@ -33,6 +33,7 @@
 use OCP\IUserSession;
 use OCP\User\Backend\IPasswordConfirmationBackend;
 use ReflectionMethod;
+use Psr\Log\LoggerInterface;

 class PasswordConfirmationMiddleware extends Middleware {
 /** @var ControllerMethodReflector */
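Review bot: `LoggerInterface::class` is referenced in the new constructor argument, but the visible diff adds no `use Psr\Log\LoggerInterface;` to DIContainer.php, and that file's import block is outside the hunk. If the import is not already present, the name resolves relative to the file's own namespace without any compile-time error, and the container lookup fails only when the middleware is built. It is worth confirming the existing `use` list before merge. The constructor body starts and ends outside the hunk.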
@@ -43,25 +44,20 @@ class PasswordConfirmationMiddleware extends Middleware {
 private $userSession;
 /** @var ITimeFactory */
 private $timeFactory;
+ private LoggerInterface $logger;
 /** @var array */
 private $excludedUserBackEnds = ['user_saml' => true, 'user_globalsiteselector' => true];

- /**
- * PasswordConfirmationMiddleware constructor.
- *
- * @param ControllerMethodReflector $reflector
- * @param ISession $session
- * @param IUserSession $userSession
- * @param ITimeFactory $timeFactory
- */
 public function __construct(ControllerMethodReflector $reflector,
 ISession $session,
 IUserSession $userSession,
- ITimeFactory $timeFactory) {
+ ITimeFactory $timeFactory,
+ LoggerInterface $logger) {
 $this->reflector = $reflector;
 $this->session = $session;
 $this->userSession = $userSession;
 $this->timeFactory = $timeFactory;
+ $this->logger = $logger;
 }

 /**
@@ -89,6 +85,11 @@ public function beforeController($controller, $methodName) {
 $lastConfirm = (int) $this->session->get('last-password-confirm');
 // we can't check the password against a SAML backend, so skip password confirmation in this case
 if (!isset($this->excludedUserBackEnds[$backendClassName]) && $lastConfirm < ($this->timeFactory->getTime() - (30 * 60 + 15))) { // allow 15 seconds delay
+ $this->logger->warning("User {uid} on backend {backendclass} requires password confirmation for {method}", [
+ "uid" => $user->getUID(),
+ "backendclass" => $backendClassName,
+ "method" => $controller::class . '::' . $methodName,
+ ]);
 throw new NotConfirmedException();
 }
 }
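Review bot: The added `LoggerInterface $logger` constructor parameter is required, so every direct construction of `PasswordConfirmationMiddleware` has to change with it, and the only call site updated in the visible diff is the one in DIContainer.php. Any other instantiation, presumably including the middleware's unit test, will fail with an `ArgumentCountError` until it passes a logger. The new property is also the only typed one in the class; the neighbouring `/** @var … */` properties could be typed the same way in a follow-up.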
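Review bot: `$user->getUID()` in the new `warning()` context array is dereferenced without a null check, and `$user` is assigned above the hunk, so it cannot be confirmed from here that it is always set when this branch runs. If it can be null (presumably when the session has no logged-in user), the call raises an `Error` before `throw new NotConfirmedException()` is reached, and the request ends in a server error instead of the confirmation prompt; `"uid" => $user?->getUID(),` avoids that, and the object form `$controller::class` on the `method` line already needs PHP 8. An expired confirmation is also an expected event rather than a fault, so `warning` may be louder than intended for a line emitted on every stale session; `info` or `debug` would keep it available for audit without crowding real warnings. beforeController's body starts above the hunk.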