Export (0) Print
Expand All

3.2.5.4 Realm Autodiscovery Through HTTP 401 Challenge

When a server receives a request that contains an empty BearerHTTP Authorization header, the server responds with an HTTP 401 challenge, as specified in [RFC2616] and [RFC2617]. The BearerWWW-Authenticate header of the HTTP 401 challenge contains the following fields:

  • client_id. The client's security principal identifier.

  • realm. The server MAY<1> return this field. This is the source realm (1) of the client.

  • trusted_issuers. A comma-separated list of all security token issuers the server trusts. The client can then select a security token issuer to request a security token.

For an example of realm autodiscovery through HTTP 401 challenge, see section 4.6.

Show:
© 2015 Microsoft