Hi, what is the best way to support both client-cert based authentication and Kerberos over HTTPS in Java please? I figured how to do so for either. For client-cert, it's transport layer auth and the server-side would call setWantClientAuth(true). For Kerberos (SPNEGO), I can use an HTTP Authorization header to flow the token. The client can choose any scheme to talk to the HTTPS service. Is there a standard way to do so? Does it make sense to use WWW-Authenticate HTTP header to challenge the client to use either of the two schemes? Thanks!
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
