2.2.8 Partner Server Challenge Message

The Partner Server Challenge message, sent by the partner server to the client, indicates that the client's request failed and MUST describe the partner token needed to gain access to the URL.

This message can contain any number of comma-separated ptoken elements, specified in section 2.2.1, as the challenge. The client MUST treat the challenge as-is and pass it along to the authentication server in a Token Request message or a Sign-in Request message.

This message SHOULD be processed only when included in an HTTP response with a 302 or 401 status code.<4>

 Partner-Server-Challenge-Message = "WWW-Authenticate:" scheme 1*SP challenge["," upgrade]
  
 upgrade = "Negotiate2SupportedIf=" condition
 condition = 1*(ALPHA / DIGIT)
  

Example:

 WWW-Authenticate: Passport1.4 param1,param2,Negotiate2SupportedIf=LiveSSP