Public protected resource sends an empty basic auth header if auth injection policy has been assigned

  • 7001815
  • 07-Nov-2008
  • 26-Apr-2012

Environment

Novell Access Manager
Novell Access Manager Service Pack 4


Situation

A public protected resource (no contract assigned) has been configured to inject the HTTP basic authorization header for users who have already authenticated to another restricted (contract assigned) protected resource in the same cookie domain.

For anonymous users (who are not logged in to any protected resource), the Linux Access Gateway (LAG) injects an empty HTTP basic authorization header. The expected behavior is that the LAG does not inject any HTTP basic authorization header.

BEA WebLogic 9 application server keeps requesting the user's authentication credentials if it receives an empty HTTP basic authorization header injected by the LAG.
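
To confirm the symptom from the backend side, the following added example (not part of the original article or of Novell's code) classifies the Authorization header of a captured request so that empty injected headers can be told apart from absent ones. The article does not state the exact bytes the LAG sends, so the forms treated as "empty" here are assumptions, and the function name and sample requests are constructed.

```python
import base64
import binascii


def classify_authorization(headers):
    """Return 'absent', 'empty', 'malformed', 'basic' or 'other-scheme'."""
    # Header names are case-insensitive; take the first Authorization header.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return "absent"          # expected for anonymous users
    scheme, _, token = value.strip().partition(" ")
    if scheme == "":
        return "empty"           # assumed form: header present with no value
    if scheme.lower() != "basic":
        return "other-scheme"
    token = token.strip()
    if token == "":
        return "empty"           # assumed form: "Basic" with no credentials
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return "malformed"
    user, sep, _password = decoded.partition(":")
    if sep == "":
        return "malformed"       # Basic credentials must be "user-id:password"
    # assumed form: credentials present but the user-id is empty, e.g. ":"
    return "empty" if user == "" else "basic"


if __name__ == "__main__":
    # Constructed sample requests as the backend would receive them.
    good = base64.b64encode(b"alice:secret").decode("ascii")
    samples = [
        ("anonymous, no header", {"Host": "app.example.com"}),
        ("anonymous, empty header", {"Authorization": "Basic "}),
        ("anonymous, empty credentials", {"authorization": "Basic Og=="}),
        ("authenticated user", {"Authorization": "Basic " + good}),
    ]
    for label, headers in samples:
        print(f"{label}: {classify_authorization(headers)}")
```

Any request from an anonymous session that classifies as "empty" rather than "absent" matches the behavior described above.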

Resolution

This issue has been reported to engineering and will be fixed in Novell Access Manager Service Pack 4 Interim Release 1 (SP4IR1).