When enabling Basic credentials provider on a project, multiple authentification boxes are shown at login. This seems to be because multiple HTTP requests (querying JS or resource files) are sent to the server, before even getting the home page.

CAS credentials provider seems to be broken for similar reasons.