This filter picks up a dummy-string, in this case: secret_username, and replaces it with the correct sso username in the request from the user to the internal server. This is a server side operation only so the username will never reach the end user or traverse to the client.
sso_set_password
This filter picks up a dummy-string, in this case: secret_password, and replaces it with the correct sso password in the request from the user to the internal server. This is a server side operation only so the password will never reach the end user or traverse to the client.
Inject_script
This filter injects a script in the login form web page that will prefill the values of the login form controls with the dummy strings secret_username and secret_password and auto-submit the form.