diff --git a/impl/src/main/java/org/glassfish/soteria/mechanisms/BasicAuthenticationMechanism.java b/impl/src/main/java/org/glassfish/soteria/mechanisms/BasicAuthenticationMechanism.java
index 6071c63..9ac0455 100644
--- a/impl/src/main/java/org/glassfish/soteria/mechanisms/BasicAuthenticationMechanism.java
+++ b/impl/src/main/java/org/glassfish/soteria/mechanisms/BasicAuthenticationMechanism.java
@@ -17,10 +17,6 @@
 package org.glassfish.soteria.mechanisms;
 
 import static java.lang.String.format;
-import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
-import static javax.xml.bind.DatatypeConverter.parseBase64Binary;
-import static org.glassfish.soteria.Utils.isEmpty;
-
 import javax.security.enterprise.AuthenticationException;
 import javax.security.enterprise.AuthenticationStatus;
 import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
@@ -29,10 +25,12 @@
 import javax.security.enterprise.credential.Password;
 import javax.security.enterprise.credential.UsernamePasswordCredential;
 import javax.security.enterprise.identitystore.CredentialValidationResult;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
 import javax.security.enterprise.identitystore.IdentityStoreHandler;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
+import static javax.xml.bind.DatatypeConverter.parseBase64Binary;
+import static org.glassfish.soteria.Utils.isEmpty;
 import org.glassfish.soteria.cdi.CdiUtils;
 
 
@@ -85,7 +83,9 @@ private String[] getCredentials(HttpServletRequest request) {
 
 		String authorizationHeader = request.getHeader("Authorization");
 		if (!isEmpty(authorizationHeader) && authorizationHeader.startsWith("Basic ") ) {
-			return new String(parseBase64Binary(authorizationHeader.substring(6))).split(":");
+			String authorizationValue = new String(parseBase64Binary(authorizationHeader.substring(6)));
+			int separatorPosition = authorizationValue.indexOf(':');
+			return new String[] { authorizationValue.substring(0, separatorPosition), authorizationValue.substring(separatorPosition + 1) };
 		}
 
 		return null;