I'm not sure if we already do this, but based on the guidelines here we mention:

In this image we create a Development Mode domain by default, you can create a Production Mode domain (with Secured Production Mode disabled) by setting in the docker run command PRODUCTION_MODE to prod and set ADMINISTRATION_PORT_ENABLED to true. If you intend to run these images in production, then you should change the Production Mode to production. When you set the DOMAIN_NAME, the DOMAIN_HOME=/u01/oracle/user_projects/domains/$DOMAIN_NAME. Please see the documentation Administering Security for Oracle WebLogic Server.

I'm not able to tell, but does this effectively set the enforce-valid-basic-auth-credentials Flag security parameter to False? If not, can we update the image to accept this as an env variable? It is something that is required for ORDS to be deployed in as a .war in WebLogic (for scenarios where users wish to offload the task of authentication to a third party tool).

Thank you!