Did you make these updates to the jmx-console's web.xml/jboss-web.xml or to the admin-console's web.xml/jboss-web.xml?
I made these updates to the admin-console's web.xml/jboss-web.xml
The reason you're being authenticated twice is that the security constraints in the admin console war are defined via Seam, rather than in web.xml. Specifically, you'll see:
twice in WEB-INF/pages.xml and once in include/resourceNavigation.xhtml. You should just need to remove the security constraint you added from web.xml and change these three references to:
I am going to try it.