- Task
- Resolution: Unresolved
- Major
When the auth-method `DIGEST` is specified in the login-config section of the `web.xml` of an application, requests to this application do not receive a session cookie in return until there is an authenticated session. In a load-balanced environment, the response to the `DIGEST` challenge may be sent to a different node than the one that sent the challenge, and cause an authentication failure. This worked in EAP 6.3.1 after https://bugzilla.redhat.com/show_bug.cgi?id=1126490, so it seems we have a similar issue to fix again here when moving to EAP 7/WildFly.
See discussion on JBEAP-22980
wildfly-elytron PR: https://github.com/wildfly-security/wildfly-elytron/pull/1909
wildfly PR with tests and documentation: https://github.com/wildfly/wildfly/pull/16897
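
An added illustration of the failure described above, not code from WildFly or Elytron: a two-node simulation of a DIGEST login behind a round-robin balancer. It assumes each node keeps the nonces it issued in local memory and that the balancer pins a client by a route suffix on the session cookie; the realm, user, password and URI are constructed sample values.

```python
import hashlib
import itertools
import secrets

REALM, USER, PASSWORD = "ExampleRealm", "alice", "s3cret"  # constructed sample values

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(nonce, method, uri):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class Node:
    """One cluster member; issued nonces live only in this node's memory (assumption)."""
    def __init__(self, name, cookie_on_challenge):
        self.name = name
        self.cookie_on_challenge = cookie_on_challenge
        self.nonces = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        # The cookie value carries the node name so the balancer can route on it.
        cookie = f"sess-{secrets.token_hex(4)}.{self.name}" if self.cookie_on_challenge else None
        return nonce, cookie

    def verify(self, nonce, response, method, uri):
        # A nonce this node never issued is rejected before the hash is compared.
        return nonce in self.nonces and secrets.compare_digest(
            response, digest_response(nonce, method, uri))

def login(cookie_on_challenge):
    """Run challenge then response through a two-node round-robin balancer."""
    nodes = {n: Node(n, cookie_on_challenge) for n in ("node1", "node2")}
    round_robin = itertools.cycle(nodes.values())

    def route(cookie):
        # Sticky routing only works when the client already holds a session cookie.
        return nodes[cookie.rsplit(".", 1)[1]] if cookie else next(round_robin)

    nonce, cookie = route(None).challenge()
    response = digest_response(nonce, "GET", "/app/secure")
    return route(cookie).verify(nonce, response, "GET", "/app/secure")
```

`login(False)` models the reported behaviour (no cookie with the challenge, so a correct response lands on the other node and is rejected); `login(True)` models a challenge that also sets a session cookie, which keeps the response on the issuing node.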