3467240 - SSO login not working in AS Java - Authorization header received is not SPNEGO token

The NetWeaver AS Java is configured for Kerberos Authentication. Kerberos authentication fails for some or all clients due to the browser sending a NTLM token and not a SPNego token which is required for successful authentication

After collecting Authentication trace as per SAP Note 1045019 example 3, resulted trace shows:

[…]
LOGIN.FAILED
User: <...>
IP Address: <...>
Authentication Stack: sap.com/tc~lm~itsam~ui~mainframe~wd*webdynpro_resources_sap.com_tc~lm~itsam~ui~mainframe~wd
Authentication Stack Properties:
        policy_domain = /webdynpro/resources/sap.com/tc~lm~itsam~ui~mainframe~wd
        realm_name = Upload Protected Area
Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false      false      true      
[...]
2. com.sap.security.core.server.jaas.SPNegoLoginModule                     OPTIONAL    ok          exception  true       true       Authorization header received is not SPNEGO token: Basic <user name>:<secure content>
3. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          true       true       true      
4. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok          true       true       true      
Central Checks                                                                                                exception             Missing new password
Logon policies are disabled
[…]

SAP NetWeaver Application Server Java using SPNego/Kerberos/LDAP authentication

LDAP, directory server, AD, ADFS. Windows, Windows AD, active directory, directory service , KBA , BC-JAS-SEC-LGN , Logon, SSO , Problem