sasl_username    (string)    username for SASL/PLAIN or SASL/SCRAM authentication
sasl_password    (string)    password for SASL/PLAIN or SASL/SCRAM authentication
sasl_mechanism   (string)    sasl authentication mechanism, default 'plain'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication

sasl_username    (string)    username for SASL/PLAIN or SASL/SCRAM authentication
sasl_password    (string)    password for SASL/PLAIN or SASL/SCRAM authentication
sasl_mechanism   (string)    sasl authentication mechanism, default 'PLAIN'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication

below.

Then type

```sh
kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt
```

Cross check if the secret is created successfully using

```sh
kubectl get secrets
```

You should see a secret named `tls-ssl-minio`.

## 3. Update deployment yaml file

        assertNull(securityDescriptor.getAces());
    }

    @Test
    @DisplayName("Test decode handles SACL offset correctly")
    void testDecodeHandlesSaclOffset() throws SMBProtocolDecodingException {
        // Prepare buffer with SACL offset (should be ignored)
        testBuffer[0] = 0x01; // revision
        testBuffer[1] = 0x00; // padding

	public final fun -deprecated_socketFactory ()Ljavax/net/SocketFactory;
	public final fun -deprecated_sslSocketFactory ()Ljavax/net/ssl/SSLSocketFactory;
	public final fun -deprecated_url ()Lokhttp3/HttpUrl;
	public fun <init> (Ljava/lang/String;ILokhttp3/Dns;Ljavax/net/SocketFactory;Ljavax/net/ssl/SSLSocketFactory;Ljavax/net/ssl/HostnameVerifier;Lokhttp3/CertificatePinner;Lokhttp3/Authenticator;Ljava/net/Proxy;Ljava/util/List;Ljava/util/List;Ljava/net/ProxySelector;)V

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.sso.saml;

import org.codelibs.fess.unit.UnitFessTestCase;

public class SamlAuthenticatorTest extends UnitFessTestCase {

    @Override
    public void setUp() throws Exception {
        super.setUp();
    }

    /**
     * Flag indicating that discretionary access control list (DACL) information is requested or being set.
     */
    int DACL_SECURITY_INFO = 0x4;

    /**
     * Flag indicating that system access control list (SACL) information is requested or being set.
     */
    int SACL_SECURITY_INFO = 0x8;

    /**
     * Flag indicating that mandatory label information is requested or being set.
     */
    int LABEL_SECURITY_INFO = 0x10;

        securityDescriptorBytes[1] = 0; // sbz1
        // control flags (2 bytes)
        securityDescriptorBytes[2] = 0;
        securityDescriptorBytes[3] = 0;
        // No owner, group, sacl, or dacl (all offsets are 0)
        // Rest of bytes are already 0

        info502.security_descriptor = securityDescriptorBytes;
        info502.sd_size = securityDescriptorBytes.length;

                Arguments.of(SACL_SECURITY_INFORMATION, "SACL security information only"),
                Arguments.of(OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, "Owner and Group"),
                Arguments.of(DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION, "DACL and SACL"),

    // Test full integration scenarios
    public void test_fullScenario_ssoEnabled() {
        currentSsoType = "saml";
        final LoginCredential expectedCredential = new TestLoginCredential("samluser");
        final ActionResponse expectedResponse = HtmlResponse.asEmptyBody();
        final String expectedLogoutUrl = "https://saml.example.com/logout";

        testAuthenticator.setLoginCredential(expectedCredential);