First I wish to say that this is not a problem for me as at the moment as I worked around it. However, I wanted to post this as this might be helpfull to others.
I've noticed a problem with how ESP Pre-Authorization Excluded Directories handles Basic auth when the backend server also provides basic auth.
* I have root where I enable ESP form, I log in using email@example.com
* I set a Pre-Authorization Excluded Directorie as "/test/*"
* My backend server has basic auth enabled on /test/ and requires me to provide test / test to see the pages.
I log in to the ESP form using firstname.lastname@example.org
I go to /test/
The server provides me with a basic auth prompt.
I enter test / test.
The server receives email@example.com and not the test user.
PS: Authentication is passed correctly if you do not log in the to ESP form first and just go to /test/