Perhaps using a less exotic approach and supported solution is a better approach?
That the server manages it is always a better approach IMO, even if user credentials are a part of the digest or signature.
Starting things on the front end I would generally not recommend (particularly SAPGui front-end services or RFC clients). If it does not work in a browser or a local SAPGui normal secure installation, then it is not a good design.
Cheers,
Julius