0x0a is a newline character which is forbidden in a header.
Solution would be to make sure that these characters are stripped off before sending the encoded value as header.
Base64.encodeToString(credentials.getBytes(), Base64.NO_WRAP);
this avoids wrapping with a platform specific newline character(s).