Which SSO option sends credentials as cleartext across the network?

The option that sends credentials as cleartext across the network is Basic Auth Forwarding. This method of authentication transmits username and password information encoded in base64. While base64 encoding is a form of encoding, it does not provide any encryption or security, meaning that the original credentials are easily retrievable by anyone capable of intercepting network traffic.

When using Basic Auth Forwarding, each request includes the Authorization header with the encoded credentials. This approach poses a significant security risk if the traffic is not encrypted, such as over HTTP rather than HTTPS. As a result, this method is often discouraged for use in environments that may expose sensitive data such as user credentials.

In contrast, other options either do not transmit credentials in a cleartext format or utilize more secure methods of authentication and authorization, thereby reducing the risk of credential theft.