public TestLoginCredentialResolver() {
            super(null); // Pass null since we're mocking
        }

        @Override
        public <CREDENTIAL extends LoginCredential> void resolve(final Class<CREDENTIAL> credentialType,
                final Function<CREDENTIAL, OptionalEntity<FessUser>> oneArgLambda) {
            this.resolveCalled = true;
            this.lastCredentialType = credentialType;

        };

        // Verify SSO is available
        assertTrue(ssoManager.available());

        // Verify login credential retrieval
        LoginCredential credential = ssoManager.getLoginCredential();
        assertNotNull(credential);
        assertEquals("samluser", ((TestLoginCredential) credential).username);

        // Verify response retrieval

## Retrying Requests

        }

    }

    /**
     * Resolves the SPNEGO credential to a user entity.
     *
     * This method handles the resolution of SPNEGO credentials by checking
     * if the user is an admin user or needs to be authenticated through LDAP.
     *
     * @param resolver The credential resolver to use for user lookup
     */
    @Override

    }

    /**
     * Log the login failure activity.
     * @param credential The credential.
     */
    public void loginFailure(final OptionalThing<LoginCredential> credential) {
        final Map<String, String> valueMap = new LinkedHashMap<>();
        valueMap.put("action", Action.LOGIN_FAILURE.name());
        credential.ifPresent(c -> {
            valueMap.put("class", c.getClass().getSimpleName());

    public void test_getLoginCredential_withRequest() {
        // With a request context, should return ActionResponseCredential for OAuth redirect
        final var credential = authenticator.getLoginCredential();
        assertNotNull(credential);
        assertTrue(credential instanceof ActionResponseCredential);
    }

    @Test
    public void test_parseJwtClaim_nestedArray() throws IOException {

Use `Response.challenges()` to get the schemes and realms of any authentication challenges. When fulfilling a `Basic` challenge, use `Credentials.basic(username, password)` to encode the request header.

    }

    @Test
    public void test_loginFailure_withCredential() {
        activityHelper.useEcsFormat = false;
        LoginCredential credential = new TestLoginCredential();
        activityHelper.loginFailure(OptionalThing.of(credential));
        String result = localLogMsg.get();
        assertTrue(result.contains("action:LOGIN_FAILURE"));
        assertTrue(result.contains("class:TestLoginCredential"));

      Request
        .Builder()
        .url(server.url("/"))
        .method("POST", body.toRequestBody(null))
        .build()
    val credential = basic("jesse", "secret")
    client =
      client
        .newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, null))
        .build()
    val response = client.newCall(request).execute()
    assertThat(response.code).isEqualTo(200)

    server.enqueue(
      MockResponse(code = 401),
    )
    server.enqueue(MockResponse())
    val credential = basic("jesse", "secret")
    client =
      client
        .newBuilder()
        .authenticator(RecordingOkAuthenticator(credential, null))
        .build()
    val response =
      getResponse(
        Request(
          url = server.url("/"),