Environment
Novell Access Manager
Novell Access Manager Service Pack 4
Novell Access Manager Service Pack 4
Situation
A public protected resource (no contract assigned) has been configured in order to inject the HTTP basic authorization header for users which have been already authenticated to another restricted (contract assigned) protected resource in the some cookie domain
For anonymous users (which are not logged in to any protected resource) the Linux Access Gateway (LAG) injects an empty http basic authorization. The expected behavior is that the LAG should not inject any basic HTTP authorization header.
BEA Weblogic 9 application server keeps on requesting for the User authentication credentials if it receives an empty basic HTTP authorization header injected by the LAG
For anonymous users (which are not logged in to any protected resource) the Linux Access Gateway (LAG) injects an empty http basic authorization. The expected behavior is that the LAG should not inject any basic HTTP authorization header.
BEA Weblogic 9 application server keeps on requesting for the User authentication credentials if it receives an empty basic HTTP authorization header injected by the LAG
Resolution
This issue has bee addressed to engineering and will be fixed with Novell Access Manager Service Pack 4 Interims Release 1 (SP4IR1)