diff --git a/src/main/scala/com/ing/wbaa/rokku/sts/api/STSApi.scala b/src/main/scala/com/ing/wbaa/rokku/sts/api/STSApi.scala
index 8d80e14..25fd66d 100644
--- a/src/main/scala/com/ing/wbaa/rokku/sts/api/STSApi.scala
+++ b/src/main/scala/com/ing/wbaa/rokku/sts/api/STSApi.scala
@@ -24,17 +24,16 @@ trait STSApi extends LazyLogging with TokenXML {
 
   private def parseDurationSeconds(aui: AuthenticationUserInfo, durationSeconds: Option[Int]): Duration = {
     val maxTokenSession = if (aui.isNPA) stsSettings.maxTokenSessionForNPADuration else stsSettings.maxTokenSessionDuration
+    logger.debug("maxTokenSession {}", maxTokenSession)
     val durationRequested = durationSeconds.map(ds => Duration(ds, TimeUnit.SECONDS))
-    val d = durationRequested match {
+    val durationResult = durationRequested match {
       case None => stsSettings.defaultTokenSessionDuration
       case Some(durationRequested) =>
         if (durationRequested > maxTokenSession) maxTokenSession
-        else durationRequested
+    else durationRequested
     }
-    logger.debug("stsSettings.maxTokenSessionForNPADuration {}", stsSettings.maxTokenSessionForNPADuration)
-    logger.debug("stsSettings.maxTokenSessionDuration {}", stsSettings.maxTokenSessionDuration)
-    logger.debug("durationRequested {}", durationRequested)
-    d
+    logger.debug("durationResult {}", durationResult)
+    durationResult
   }
 
   private def getSessionTokenInputs(aui: AuthenticationUserInfo) = {
diff --git a/src/main/scala/com/ing/wbaa/rokku/sts/keycloak/KeycloakTokenVerifier.scala b/src/main/scala/com/ing/wbaa/rokku/sts/keycloak/KeycloakTokenVerifier.scala
index c240d45..26d9c84 100644
--- a/src/main/scala/com/ing/wbaa/rokku/sts/keycloak/KeycloakTokenVerifier.scala
+++ b/src/main/scala/com/ing/wbaa/rokku/sts/keycloak/KeycloakTokenVerifier.scala
@@ -23,14 +23,15 @@ trait KeycloakTokenVerifier extends LazyLogging {
   import scala.jdk.CollectionConverters._
 
   /**
-   * Temporary we define NPA be Name - later we will change it to some keycloak role
+   * Temporary we define NPA by Name - later we will change it to some keycloak role
    * @param keycloakToken
    * @return true if NPA
    */
   private def isNPA(keycloakToken: AccessToken): Boolean = {
+    val isNPA = keycloakToken.getName == "NPA NPA"
     logger.debug("user getName={}", keycloakToken.getName)
-    logger.debug("is NPA={}", keycloakToken.getName == "NPA NPA")
-    keycloakToken.getName == "NPA NPA"
+    logger.debug("is NPA={}", isNPA)
+    isNPA
   }
 
   protected[this] def verifyAuthenticationToken(token: BearerToken): Option[AuthenticationUserInfo] = Try {