After I configured WNA with weblogic/OAM and successfully tested it with a WNA enabled browser, I found that when a user tried to login with a browser that did not support WNA, he got two login screens, one for OAM11g and one for Weblogic. It appears that with the fallback login, the basic authentication scheme is used. This scheme is checked by OAM, but there is a second check by default, performed by Weblogic. If your user is not a weblogic user, authetication will fail.
I found that a setting must be added in config.xml in the security-settings section: <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
.
If it is not there, it will be defaulted to TRUE.