This is realted to the OS of the Client.
He gets the security settings from the beacon and issues an association with the SSID after the PSK is typed in.
You will not see anything on the controller.
At least in my experience and with my tested Client Device.
You will only see this when you are doing 802.1X like EAP-PEAP with username and password. Ahead there is established a channel which receives a timeout if Client does not insert username / password combination.
This you will see in the auth-tracebuffer.