There isn't any support for that, the Spring Web Flow design was never able to produce a 401 response that I could make work. The intended approach to non-browser use of the system is the ECP profile, which is SOAP based and does not rely on forms, and requires the client (or proxy in this case) to be ECP compliant. -- Scott