Negotiate header sent even when application has Basic Auth specified (Doc ID 1378308.1)

Last updated on MAY 24, 2017

Applies to:

Oracle Weblogic Server - Version: 10.3 and later   [Release: and later ]
Information in this document applies to any platform.

Symptoms

Weblogic does not honor the deployment descriptor in web.xml

Use Case:

In a Weblogic Server 10.3 domain configured with Negotiate Identity Asserter in the default realm if there is an application with Basic Authentication specified in Deployment Descriptor of web.xml and this application is deployed on server, while testing the application it is observed that WWW-Authenticate: Negotiate header is always sent to the client.

Changes

Basic Authentication specified in Deployment Descriptor of web.xml

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms