Hi Jean-Yves, There is already a Response#challengeRequests property which takes a list of challenges, so for the server-side you should be all set.
However, you have to manually handle the selection on the client side, based on the supported schemes. I have updated the existing RFE to consider automatic negotiation: "Support preemptive authentication" http://restlet.tigris.org/issues/show_bug.cgi?id=288 Best regards, Jerome 2010/2/2 JY Cronier <[email protected]> > Hi all, > > Is it possible to implement a kind of "authentication negotiation". > This means that the server might return to the client a list of possible > authentication methods (multiple values for the WWW-Authenticate headers?) > with HTTP code 401 > > The HTTP client choose the best method that he can handle ... > > I look at the example http://www.restlet.org/documentation/2.0/tutorial # > part09 (9. Guarding access to sensitive resources), but we can not specify > several "ChallengeScheme" ... > > ------------------------------------------------------ > > http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2444144 > ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2444176
