It’s a bug in the latest platform version. You can work around it if you use slightly different name of the property (see capital letter):
cuba.web.ExternalAuthentication = true
Let me explain what has happened. We made some cleanup in property names recently, and for backward compatibility, we preserved the old names so their values now have priority - just in case someone uses them in production. Unfortunately, we forgot to remove the old name cuba.web.ExternalAuthentication from cuba-web-app.properties file, so now it has a priority over the new name which you are trying to use. So just use the old name until we release a bug-fix version, and switch to the new name afterward.
As for Jespa integration sample in the documentation, it indeed can be outdated due to some recent refactorings. We will check it in the next few days and let you know if there are any changes.
Thank you for reporting the issues!