Negotiate header Sent Even when Application has Basic Auth Specified
(Doc ID 1378308.1)
Last updated on SEPTEMBER 04, 2020
Applies to:Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.
Weblogic does not honor the deployment descriptor in web.xml
In a Weblogic Server 10.3 domain configured with Negotiate Identity Asserter in the default realm if there is an application with Basic Authentication specified in Deployment Descriptor of web.xml and this application is deployed on server, while testing the application it is observed that WWW-Authenticate: Negotiate header is always sent to the client.
Basic Authentication specified in Deployment Descriptor of web.xml
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document