Administrator

Login Fails when Both Basic and SPNEGO Login Modules Are Used

Problem

When an SAP system is configured with both BASIC and SPNEGO login modules, and you try to use basic authentication, the SPNEGO module takes precedence and returns an authentication challenge (HTTP status 401 and header WWW-Authenticate: Negotiate), which the HttpAuthenticationLoginModule cannot handle, so login fails.

Workaround

Add the query parameter, ?spnego=disabled, to the URL of HttpAuthenticationLoginModule in security profile. For example: https://<path_to_profile>/?spnego=disabled