APM SSO HTTP Basic method

The only values that are really important in the HTTP Basic SSO profile are the username and password sources. These are APM session variables that must contain valid username and password value, respectively, so that the SSO profile can generate the correct Authorization header to send to the web server. The headers section is not expressly required, and I've never had a need to use these.

Moreover, is this configuration able to retrieve the username from client evironment or only after the first login?

The beauty of APM is that client side and server side authentication are completely separate things. This gives you a lot of flexibility in what you can do. You can basically say that the visual policy handles client side authentication, and SSO handles server side authentication. As to your question, it doesn't matter how you get the username and password, as long as you get them somewhere within the client side interaction. That could be an APM logon form, or a Basic prompt to the client. Anything that allows you to collect these values form the client.