}
}

const (
	keyCloakVendor = "keycloak"
)

// initializeProvider initializes if any additional vendor specific information
// was provided, initialization will return an error initial login fails.
func (p *providerCfg) initializeProvider(cfgGet func(string) string, transport http.RoundTripper) error {
	vendor := cfgGet(Vendor)
	if vendor == "" {
		return nil
	}
	var err error
	switch vendor {

import org.codelibs.core.misc.DynamicProperties;
import org.codelibs.core.net.UuidUtil;
import org.codelibs.fess.app.web.base.login.ActionResponseCredential;
import org.codelibs.fess.app.web.base.login.FessLoginAssist.LoginCredentialResolver;
import org.codelibs.fess.app.web.base.login.OpenIdConnectCredential;
import org.codelibs.fess.crawler.Constants;
import org.codelibs.fess.mylasta.action.FessUserBean;

    void testGetSubjectLoginFailuresCacheAndRefresh(SubjectVariant variant) throws Exception {
        JAASAuthenticator auth = buildAuthenticator(variant);

        // First call attempts a JAAS login; behavior depends on JAAS configuration
        Subject first = auth.getSubject();

        // Second call should return cached value (same as first)
        Subject second = auth.getSubject();

									</li>
								</c:when>
								<c:when test="${ pageLoginLink }">
									<li class="nav-item"><la:link href="/login"
											styleClass="nav-link" role="button" aria-haspopup="true"
											aria-expanded="false">
											<i class="fa fa-fw fa-sign-in" aria-hidden="true"></i>
											<la:message key="labels.login" />
										</la:link></li>
								</c:when>
							</c:choose>
							<c:if test="${chatEnabled}">

        // Then
        assertNotNull(exception);
        assertTrue(exception.getMessage().toLowerCase().contains("logon") || exception.getMessage().toLowerCase().contains("authentication")
                || exception.getMessage().toLowerCase().contains("login") || exception.getMessage().toLowerCase().contains("user")
                || exception.getMessage().toLowerCase().contains("password"));
    }

    /** Property key for login requirement configuration. */
    public static final String LOGIN_REQUIRED_PROPERTY = "login.required";

    /** Property key for result collapse configuration. */
    public static final String RESULT_COLLAPSED_PROPERTY = "result.collapsed";

    /** Property key for login link enabled configuration. */

import org.codelibs.curl.Curl;
import org.codelibs.curl.CurlResponse;
import org.codelibs.fess.app.web.base.login.ActionResponseCredential;
import org.codelibs.fess.app.web.base.login.EntraIdCredential;
import org.codelibs.fess.app.web.base.login.EntraIdCredential.EntraIdUser;
import org.codelibs.fess.app.web.base.login.FessLoginAssist.LoginCredentialResolver;
import org.codelibs.fess.crawler.Constants;

import org.codelibs.core.beans.util.BeanUtil;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.Constants;
import org.codelibs.fess.app.pager.UserPager;
import org.codelibs.fess.app.web.base.login.FessLoginAssist;
import org.codelibs.fess.exception.FessUserNotFoundException;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.opensearch.user.cbean.UserCB;

After detecting that the credentials are incorrect, return an `HTTPException` with a status code 401 (the same returned when no credentials are provided) and add the header `WWW-Authenticate` to make the browser show the login prompt again:

        context.put("sessionId", "abc123def456");
        context.put("username", "******@****.***");

        logger.logEvent(EventType.AUTHENTICATION_SUCCESS, Severity.INFO, "Login attempt", context);

        // The test verifies that the logger runs without errors when masking is enabled
        Map<EventType, Long> stats = logger.getStatistics();