Some options include:
- Prohibit the use of form-based authentication
This means requiring, at a minimum, the Basic or Digest authentication scheme. Some applications may not be well suited to making this change.
- Standardize the use of form-based authentication
Because HTTP's WWW-Authenticate header is extensible, it could carry the metadata the consumer needs to perform the authentication, in the header, in the response body, or in both.
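To make the second option concrete, here is an added example (not from the original page or any standard) of how a consumer could read form-login metadata from an extended `WWW-Authenticate` challenge. The `Form` scheme and its `action`, `username_field` and `password_field` parameters are hypothetical names chosen for illustration; token68-style credentials are not handled.

```python
import re
from urllib.parse import urljoin, urlsplit

# RFC 7235 grammar pieces: token, and auth-param = token "=" (token / quoted-string)
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PARAM = re.compile(rf'({_TOKEN})[ \t]*=[ \t]*(?:"((?:[^"\\]|\\.)*)"|({_TOKEN}))')
_SCHEME = re.compile(_TOKEN)
_SEP = re.compile(r"[ \t,]*")

# Constructed sample header; "Form" and its parameter names are hypothetical.
SAMPLE = ('Form realm="app", action="/login", username_field="user", '
          'password_field="pass", Basic realm="app, legacy"')

def parse_challenges(header):
    """Split a WWW-Authenticate value into [(scheme, {param: value}), ...]."""
    challenges, pos = [], 0
    while True:
        pos = _SEP.match(header, pos).end()  # skip separators between elements
        if pos == len(header):
            return challenges
        m = _PARAM.match(header, pos)
        if m:  # name=value belongs to the most recent scheme
            if not challenges:
                raise ValueError("auth-param before any scheme")
            name, quoted, bare = m.groups()
            value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
            challenges[-1][1][name.lower()] = value
        else:  # a bare token starts a new challenge
            m = _SCHEME.match(header, pos)
            if not m:
                raise ValueError(f"unparseable challenge at offset {pos}")
            challenges.append((m.group(0), {}))
        pos = m.end()

def form_login_target(header, resource_url):
    """Return (action_url, username_field, password_field) for a 'Form' challenge,
    or None. The action must stay on the origin that issued the challenge, so
    header-supplied metadata cannot redirect credentials to another host."""
    for scheme, params in parse_challenges(header):
        if scheme.lower() != "form":
            continue
        action = urljoin(resource_url, params["action"])
        a, r = urlsplit(action), urlsplit(resource_url)
        if (a.scheme, a.netloc) != (r.scheme, r.netloc):
            raise ValueError("Form challenge points credentials at another origin")
        return action, params["username_field"], params["password_field"]
    return None
```
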