Hi Zia,
I'm not quite sure what do you mean by "webpage also asks for credentials". Is the webpage serve by web server only or you have backend application server in your case?
If the environment involved web server only, there seems to be two issues here.
1. User not being redirect to abc.com/out.php
2. User being reprompt credentials when access abc.com/out.php
For first issue, there is web server configuration to set default document when client does not request a specific file. For example in IIS manager -> Default Document. For other web server, you might need to check on the documentation to find out how to set the default document. I will use IIS as example. In IIS setting, the default document comprise of index.html. When user access abc.com without specific resource, the web server will look for index.html by default and if it exist, it will display the contents once user authenticate and authorized. In your case, is out.php one of the default document?
For second issue, we need to check from smaccess log whether the user get authentication reject or authorization reject to help us narrow down the scope. If it is authentication reject, the user might not exist in user directory. If it is authorization reject, it could be the policy defined don't have the user specified.
Hope this helps.
Kar Meng