claim_name    (string)    JWT canned policy claim name, defaults to "policy"
claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"
scopes        (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"
comment       (sentence)  optionally add a comment to this setting
```

and ENV based options

```
mc admin config set myminio/ identity_openid --env

KEY:

claim_name    (string)    JWT canned policy claim name, defaults to "policy"
claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"
scopes        (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"
comment       (sentence)  optionally add a comment to this setting
```

and ENV based options

```
mc admin config set myminio/ identity_openid --env

			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         Scopes,
			Description: `Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"` + defaultHelpPostfix(Scopes),
			Optional:    true,
			Type:        "csv",
		},
		config.HelpKV{
			Key:         Vendor,

        byte[] init = spnegoInitWithMechs(Kerb5Context.SUPPORTED_MECHS);

        // NtlmPasswordAuthenticator#createContext will inspect mechs and throw because NTLM is not advertised
        SmbUnsupportedOperationException ex =
                assertThrows(SmbUnsupportedOperationException.class, () -> auth.createContext(tc, null, "server.example.com", init, false));

// errMoreData = returned when more data was sent by the caller than what it was supposed to.
var errMoreData = StorageErr("more data was sent than what was advertised")

// indicates readDirFn to return without further applying the fn()
var errDoneForNow = errors.New("done for now")

// errSkipFile returned by the fn() for readDirFn() when it needs
// to proceed to next entry.

            // Only stub supportsIntegrity - isEstablished won't be called due to short-circuit
            when(mockCtx.supportsIntegrity()).thenReturn(false);

            // A small consumer that only uses MIC if advertised as available
            byte[] data = new byte[] { 1, 2 };
            if (mockCtx.supportsIntegrity() && mockCtx.isEstablished()) {
                mockCtx.calculateMIC(data);
            }

        // Check if both client and server support multi-channel
        if (!context.getConfig().isUseMultiChannel()) {
            return false;
        }

        // MS-SMB2: Check if server advertised SMB2_GLOBAL_CAP_MULTI_CHANNEL (0x00000008)
        // This capability should be checked from the negotiate response
        // The server capabilities are typically stored in the session or transport

MINIO_IDENTITY_OPENID_CLAIM_NAME            (string)    JWT canned policy claim name (default: 'policy')
MINIO_IDENTITY_OPENID_SCOPES                (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"
MINIO_IDENTITY_OPENID_VENDOR                (string)    Specify vendor type for vendor specific behavior to checking validity of temporary credentials and service accounts on MinIO

- The certificate signer no longer accepts ca.key passwords via the `CFSSL_CA_PK_PASSWORD` environment variable. This capability was not prompted by user request, never advertised, and recommended against in the security audit. ([#84677](https://github.com/kubernetes/kubernetes/pull/84677), [@mikedanese](https://github.com/mikedanese))

			secretKey:          credentials.SecretKey,
			shouldPass:         false,
			fault:              malformedEncoding,
		},
		// Test case - 8
		// Chunk with shorter than advertised chunk data.
		{
			bucketName:         bucketName,
			objectName:         objectName,
			data:               oneKData,
			dataLen:            1024,
			chunkSize:          1024,