We have encountered this issue while setting up siteminder on weblogic 9.2
Once the request is authenticated through policy server/siteminder, weblogic would ask for login again.
This is because, for WebLogic Server versions 9.2 and later, client requests that use HTTP BASIC authentication must pass WebLogic Server authentication, even if access control is not enabled on the target resource.
The corresponding configMbean flag is enforce-valid-basic-auth-credentials and default is "true".
We would have to set this to "false" to disable default weblogic authentication.
For some reason, this does not seem to be configurable through Admin console.
We would have to edit config.xml as:
Link to BEA docs