As far as I can see the mapping should work
HTTPS is used for encrypted web traffic, not for authentication. For authentication you have BASIC, DIGEST, FORM and CERTIFICATE.
You can use authentication with or without HTTPS. The two don't really have anything to do with each other.
Cocoon for example.
Ulf Dittmer wrote:Using HTTPS is largely independent of using authentication. The application will need to create appropriate absolute URLs with the desired protocol, though.
Notification that a session is about to be invalidated