Encrypting or hiding true url and parameters

For a new portlet, I’ve been asked to add a link or button that will go to another secured site (https://…), passing login name, password, and other parameters. The purpose of this function is so certain users will access this portlet and be provided a direct secured link to another, but entirely separate, internal web application; furthermore, access to the separate web application will be automatic for the user because specific login credentials will be passed as URL parameters.
I got that part, but the next requirement is that the full URL and especially the parameters are to be hidden from the user. So, it should be completely confidential.
And the final requirement is that even if the user looks in the View Source tool, the real code will not be revealed: either encrypted data; jumbled garbage; or some other meaningless symbols should appear.
I have no clue how to do the 2nd and 3rd requirements!!
Anyone have ideas??