Can you really use BasicAuth protection and SSO (Single Sign-On) simultaneously? We use mix domain single sign-on (CDSSO), wish to hide our staging server in the public through BasicAuth, and want to enable login through SSO. Each time we make the corresponding VHost admission to safeguard the server, the SSO no more works. Our virtual host entry for Apache appears like this

<Directory /home/my_user/sites/my_site>
  Options -MultiViews
  AllowOverride All
  Order deny,allow
  Deny from all
  Allow from 192.168.0.0/16
  AuthType Basic
  AuthBasicProvider file
  AuthName "MyBasicAuth"
  AuthUserFile /home/my_user/etc/htpasswd
  Require valid-user
  Satisfy Any
</Directory>

The log file from the web policy agent for OpenAM indicates that there's some type of authorization failure throughout the dsame_check (possibly a type of heartbeat message to ascertain if the representative is alive ?):

2011-11-04 16:48:16.069    Info 27773:7fb5259550e0 all: 
dsame_check_access(): starting...
2011-11-04 16:48:16.069   Debug 27773:7fb5259550e0 all: 
get_request_url(): ..
..
2011-11-04 16:48:16.069   Debug 27773:7fb5259550e0 all: 
get_request_url(): Returning request URL = 
http://..:80/error/HTTP_UNAUTHORIZED.html.var.

Within the Apache access log for that computer using the policy agent we obtain the next 401 Unauthorized HTTP errors (192.168.1.1 may be the local IP from the OpenAM server):

192.168.1.1 - "" [07/Nov/2011:12:42:58 +0100] 
"POST /UpdateAgentCacheServlet?shortcircuit=false HTTP/1.1" 401 - "-" "Java/1.6"

Exactly how should we alter the configuration make it possible for BasicAuth and SSO? Or isn't it possible whatsoever? When we take away the protection for that Apache web server, the dsame check and also the SSO work again.