HTTP Basic Security Provider

Use an HTTP Basic provider to enable automatic application registration. This provider is required when registration is set to automatic, and will be used for integrating with third-party security providers like SiteMinder.

A LoginModule validates standard username/password style credentials by passing them to a Web server. Configure the URL property to point to a Web server that challenges for Basic authentication.

Best practice guidelines include:

Using an HTTPS URL to avoid exposing credentials.
If the Web server's certificate is not signed by a well known CA, import the CA certificate used to sign the Web server's certificate into the Unwired Server truststore.jks. The truststore is prepopulated with CA certificates from reputable CAs.
If this Web server returns a cookie as part of successful authentication, set the SSO Cookie Name configuration property to the name of this cookie. Upon successful authentication, this login module places the cookie value into an HttpSSOTokenCredential object and attaches it to the java.security.Subject as a public credential.
Note: The HTTP Basic login module is the module that can either be used for SSO tokens or HTTP basic without SSO. The sole condition being that the backend support HTTP Basic authentication.
When using this module in lieu of the deprecated SAPSSOTokenLoginModule, the cookie name is typically "MYSAPSSO2".

For example, SiteMinder is often used in mobile deployments to protect existing Web-based applications. Existing users point their browser at a URL, and SiteMinder intercepts an unauthenticated session to challenge for credentials (Basic). When the authentication succeeds, it returns a SMSESSION cookie with a Base64-encoded value that can be used for SSO into other SiteMinder enabled systems.