defaultSettings.put("onelogin.saml2.sp.x509cert", "");
        defaultSettings.put("onelogin.saml2.sp.privatekey", "");
        defaultSettings.put("onelogin.saml2.idp.single_sign_on_service.binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        defaultSettings.put("onelogin.saml2.idp.single_logout_service.response.url", "");

        defaultSettings.put("onelogin.saml2.security.logoutrequest_signed", "false");
        defaultSettings.put("onelogin.saml2.security.logoutresponse_signed", "false");
        defaultSettings.put("onelogin.saml2.security.want_messages_signed", "false");
        defaultSettings.put("onelogin.saml2.security.want_assertions_signed", "false");

import org.codelibs.fess.helper.SystemHelper;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.util.ComponentUtil;
import org.codelibs.saml2.Auth;
import org.lastaflute.web.login.credential.LoginCredential;

/**
 * Credential for SAML authentication.
 */
public class SamlCredential implements LoginCredential, FessCredential {

    private final Map<String, List<String>> attributes;

			<AppenderRef ref="LogNotification" />
		</Logger>
		<Logger name="org.opensearch.bootstrap" additivity="false" level="error">
			<AppenderRef ref="AppFile" />
		</Logger>
		<Logger name="com.onelogin.saml2" level="off"/>
		<Logger name="org.codelibs.fess.llm" additivity="false" level="${llm.log.level}">
			<AppenderRef ref="LlmFile" />
		</Logger>

    /** SAML service provider base URL. */
    @Size(max = 1000)
    public String samlSpBaseUrl;

    /** SAML attribute name for group membership. */
    @Size(max = 1000)
    public String samlAttributeGroupName;

    /** SAML attribute name for role membership. */
    @Size(max = 1000)
    public String samlAttributeRoleName;

    /** SAML default groups. */
    @Size(max = 1000)

- Full-text search with OpenSearch backend
- Web, file system, and data store crawling
- Multi-format document support (Office, PDF, etc.)
- Admin GUI for configuration
- REST API for programmatic access
- SSO integration (OIDC, SAML, SPNEGO, Entra ID)
- i18n support (20+ languages)

## Tech Stack

| Component | Technology |
|-----------|------------|
| Web Framework | LastaFlute (MVC framework) |
| DI Container | Lasta Di |

        // SAML
        fessConfig.setSystemProperty("saml.sp.base.url", form.samlSpBaseUrl);
        fessConfig.setSystemProperty("saml.attribute.group.name", form.samlAttributeGroupName);
        fessConfig.setSystemProperty("saml.attribute.role.name", form.samlAttributeRoleName);
        fessConfig.setSystemProperty("saml.default.groups", form.samlDefaultGroups);

 * such as metadata requests and logout actions.
 */
public enum SsoResponseType {
    /**
     * Indicates a request for SSO metadata, which is typically used for
     * configuration and discovery in protocols like SAML.
     */
    METADATA,

    /**
     * Indicates a request to perform a logout operation, terminating the
     * user's SSO session.
     */
    LOGOUT;

    @Test
    public void test_fullScenario_ssoEnabled() {
        currentSsoType = "saml";
        final LoginCredential expectedCredential = new TestLoginCredential("samluser");
        final ActionResponse expectedResponse = HtmlResponse.asEmptyBody();
        final String expectedLogoutUrl = "https://saml.example.com/logout";

        testAuthenticator.setLoginCredential(expectedCredential);

 * Interface for SSO (Single Sign-On) authenticator implementations.
 *
 * This interface defines the contract for SSO authentication providers that can be
 * integrated with Fess. Implementations handle specific SSO protocols like SAML,
 * OAuth, SPNEGO, or other authentication mechanisms. Each authenticator is responsible
 * for obtaining login credentials, resolving user information, and managing SSO
 * lifecycle operations like logout and metadata exchange.