The SOA-P instance is by default configured to be secure, but it sounds like you did enable jmx and the users.
Did you enter in the username/password when asked ? Did that solve it ?
With respect to the EAP instance then that should definitly work out of the box since the bundled EAP is configured for development out-of-the-box. Did you stop the SOA-P instance before trying EAP ?