sync.Mutex

	oeConfig DiscoveryDoc
	client   http.Client
	adminURL string
	realm    string

	// internal value refreshed
	accessToken Token
}

// LoginWithUser authenticates username/password, not needed for Keycloak
func (k *KeycloakProvider) LoginWithUser(username, password string) error {
	return ErrNotImplemented
}

// LoginWithClientID is implemented by Keycloak service account support

			return nil, errAuthentication
		}
		claims.MapClaims[sessionPolicyNameExtracted] = string(spBytes)
	}

	return claims.Map(), nil
}

// Fetch claims in the security token returned by the client.
func getClaimsFromToken(token string) (map[string]interface{}, error) {
	return getClaimsFromTokenWithSecret(token, globalActiveCred.SecretKey)
}

}

func (d *naughtyDisk) ListDir(ctx context.Context, origvolume, volume, dirPath string, count int) (entries []string, err error) {
	if err := d.calcError(); err != nil {
		return []string{}, err
	}
	return d.disk.ListDir(ctx, origvolume, volume, dirPath, count)
}

func (d *naughtyDisk) ReadFile(ctx context.Context, volume string, path string, offset int64, buf []byte, verifier *BitrotVerifier) (n int64, err error) {

func (x *XDGSCRAMClient) Begin(userName, password, authzID string) (err error) {
	x.Client, err = x.HashGeneratorFcn.NewClient(userName, password, authzID)
	if err != nil {
		return err
	}
	x.ClientConversation = x.Client.NewConversation()
	return nil
}

// Step takes a string provided from a server (or just an empty string for the
// very first conversation step) and attempts to move the authentication

// in http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
func signV4TrimAll(input string) string {
	// Compress adjacent spaces (a space is determined by
	// unicode.IsSpace() internally here) to one space and return
	return strings.Join(strings.Fields(input), " ")
}

// checkMetaHeaders will check if the metadata from header/url is the same with the one from signed headers

	o = msgp.Require(b, z.Msgsize())
	// map header, size 5
	// string "Namespace"
	o = append(o, 0x85, 0xa9, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65)
	o = msgp.AppendString(o, string(z.Namespace))
	// string "Subsystem"
	o = append(o, 0xa9, 0x53, 0x75, 0x62, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d)
	o = msgp.AppendString(o, string(z.Subsystem))
	// string "Name"
	o = append(o, 0xa4, 0x4e, 0x61, 0x6d, 0x65)

var encryptRequestTests = []struct {
	header   map[string]string
	metadata map[string]string
}{
	{
		header: map[string]string{
			xhttp.AmzServerSideEncryptionCustomerAlgorithm: "AES256",
			xhttp.AmzServerSideEncryptionCustomerKey:       "XAm0dRrJsEsyPb1UuFNezv1bl9hxuYsgUVC/MUctE2k=",
			xhttp.AmzServerSideEncryptionCustomerKeyMD5:    "bY4wkxQejw9mUJfo72k53A==",
		},
		metadata: map[string]string{},
	},
	{
		header: map[string]string{

	o = msgp.Require(b, z.Msgsize())
	// map header, size 2
	// string "Num"
	o = append(o, 0x82, 0xa3, 0x4e, 0x75, 0x6d)
	o = msgp.AppendInt(o, z.Num)
	// string "String"
	o = append(o, 0xa6, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67)
	o = msgp.AppendString(o, z.String)
	return
}

// UnmarshalMsg implements msgp.Unmarshaler
func (z *testRequest) UnmarshalMsg(bts []byte) (o []byte, err error) {
	var field []byte
	_ = field

		Console: Console{
			Enabled: true,
		},
		HTTP:         make(map[string]http.Config),
		AuditWebhook: make(map[string]http.Config),
		AuditKafka:   make(map[string]kafka.Config),
	}

	return cfg
}

func getCfgVal(envName, key, defaultValue string) string {
	if key != config.Default {
		envName = envName + config.Default + key
	}
	return env.Get(envName, defaultValue)
}

}

// CheckCrossDevice - check if any list of paths has any sub-mounts at /proc/mounts.
func CheckCrossDevice(absPaths []string) error {
	return checkCrossDevice(absPaths, procMountsPath)
}

// Check cross device is an internal function.
func checkCrossDevice(absPaths []string, mountsPath string) error {
	mounts, err := readProcMounts(mountsPath)
	if err != nil {
		return err
	}
	for _, path := range absPaths {