return User{}, err
	}
	req.URL.Path = path.Join(req.URL.Path, "realms", k.realm, "users", userid)

	k.Lock()
	accessToken := k.accessToken
	k.Unlock()
	if accessToken.AccessToken == "" {
		return User{}, ErrAccessTokenExpired
	}
	req.Header.Set("Authorization", "Bearer "+accessToken.AccessToken)
	resp, err := k.client.Do(req)
	if err != nil {
		return User{}, err
	}
	defer resp.Body.Close()

	if err != nil {
		return nil, err
	}

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if accessToken != "" {
		req.Header.Set("Authorization", "Bearer "+accessToken)
	}

	client := &http.Client{
		Transport: transport,
	}

	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}

	return nil
}

func (r *Config) updateUserinfoClaims(ctx context.Context, arn arn.ARN, accessToken string, claims map[string]interface{}) error {
	pCfg, ok := r.arnProviderCfgsMap[arn]
	// If claim user info is enabled, get claims from userInfo
	// and overwrite them with the claims from JWT.
	if ok && pCfg.ClaimUserinfo {
		if accessToken == "" {
			return errors.New("access_token is mandatory if user_info claim is enabled")
		}

            }

            // TODO validate signiture

            final Map<String, Object> attributes = new HashMap<>();
            attributes.put("accesstoken", tr.getAccessToken());
            attributes.put("refreshtoken", tr.getRefreshToken() == null ? "null" : tr.getRefreshToken());
            attributes.put("tokentype", tr.getTokenType());

		return
	}

	ctx = newContext(r, w, action)

	token := r.Form.Get(stsToken)
	if token == "" {
		token = r.Form.Get(stsWebIdentityToken)
	}

	accessToken := r.Form.Get(stsWebIdentityAccessToken)

	// RoleARN parameter processing: If a role ARN is given in the request, we
	// use that and validate the authentication request. If not, we assume this

online.help.name.scheduler=scheduler
online.help.name.crawlinginfo=crawlinginfo
online.help.name.backup=backup
online.help.name.upgrade=upgrade
online.help.name.esreq=esreq
online.help.name.accesstoken=accesstoken
online.help.name.suggest=suggest
online.help.name.searchlog=searchlog
online.help.name.maintenance=maintenance
online.help.name.plugin=plugin
online.help.name.storage=storage

    /** The key of the configuration. e.g. esreq */
    String ONLINE_HELP_NAME_ESREQ = "online.help.name.esreq";

    /** The key of the configuration. e.g. accesstoken */
    String ONLINE_HELP_NAME_ACCESSTOKEN = "online.help.name.accesstoken";

    /** The key of the configuration. e.g. suggest */
    String ONLINE_HELP_NAME_SUGGEST = "online.help.name.suggest";