assertEquals("2group-name", permissionHelper.encode("{group}group-name"));
        assertEquals("Rrole.name", permissionHelper.encode("{role}role.name"));
        assertEquals("1user_123", permissionHelper.encode("{user}user_123"));
        assertEquals("2group$special", permissionHelper.encode("{group}group$special"));
    }

    @Test
    public void test_decode_withComplexValues() {

    @Test
    public void test_escapeValue_noSpecialChars() {
        assertEquals("admin", LdapUtil.escapeValue("admin"));
        assertEquals("john.doe", LdapUtil.escapeValue("john.doe"));
        assertEquals("user123", LdapUtil.escapeValue("user123"));
        assertEquals("Test User", LdapUtil.escapeValue("Test User"));
    }

    @Test
    public void test_escapeValue_backslash() {

        ldapManager.init();

        // Normal input should not be escaped
        assertEquals("normaluser", ldapManager.escapeLDAPSearchFilter("normaluser"));
        assertEquals("user123", ldapManager.escapeLDAPSearchFilter("user123"));
        assertEquals("user.name", ldapManager.escapeLDAPSearchFilter("user.name"));
    }

    @Test
    public void test_escapeLDAPSearchFilter_withBackslash() {

    public void test_parseJwtClaim_simpleValues() throws IOException {
        final String jwtClaim = "{\"sub\":\"user123\",\"name\":\"John Doe\",\"email\":\"******@****.***\"}";
        final Map<String, Object> attributes = new HashMap<>();

        authenticator.parseJwtClaim(jwtClaim, attributes);

        assertEquals("user123", attributes.get("sub"));
        assertEquals("John Doe", attributes.get("name"));