The Require HTTP Basic Credentials assertion is used to require a user to provide a username and password before a request can be routed on. Let's say you have created a simple REST service that contains only the Require HTTP Basic Credentials assertion and Route via HTTP, like this.

You will be prompted to provide a username and password. However, any random and bogus username and password can be entered.

This alone isn't doing much of any security, as any random and bogus username and password will allow you to get the outbound URL. To require a valid username and password, you would need to:

• Create a user or group in an Identity Provider
• Add the Authenticate User or Group assertion to the service.

If the user forgot their password, you can reset the users password.