This provider is used to copy HTTP header and cookie values from the client request into the authenticated JAAS subject as user Principals (which identifies who the client user is), roles (which determines the permissions the user may have), and credentials (which provide single sign-on material for back-end systems).
This provider will always fail authentication because it does not validate user credentials at all. It simply copies request values to where they can be used downstream in the authentication process. If you add this provider to a security profile, be sure to set its controlFlag to "optional" so the overall authentication can succeed based on the other providers in the profile.