// add an input buffer of this size.
	encryptBufferSize = 1 << 20

	// minCompressibleSize is the minimum size at which we enable compression.
	minCompressibleSize = 4096
)

// setHeadGetRespHeaders - set any requested parameters as response headers.
func setHeadGetRespHeaders(w http.ResponseWriter, reqParams url.Values) {
	for k, v := range reqParams {
		if header, ok := supportedHeadGetReqParams[strings.ToLower(k)]; ok {

		}
		meta.BucketTargetsConfigUpdatedAt = updatedAt
		meta.BucketTargetsConfigMetaUpdatedAt = updatedAt
	default:
		return updatedAt, fmt.Errorf("Unknown bucket %s metadata update requested %s", bucket, configFile)
	}

	return updatedAt, sys.save(ctx, meta)
}

func (sys *BucketMetadataSys) save(ctx context.Context, meta BucketMetadata) error {
	objAPI := newObjectLayerFn()

		if !storageclass.IsValid(sc) {
			writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidStorageClass), r.URL)
			return
		}
	}

	encMetadata := map[string]string{}

	if crypto.Requested(r.Header) {
		if crypto.SSECopy.IsRequested(r.Header) {
			writeErrorResponse(ctx, w, toAPIError(ctx, errInvalidEncryptionParameters), r.URL)
			return
		}

        // Then
        assertNull(type3.getDomain());
        assertNull(type3.getUser());
        assertNull(type3.getWorkstation());
    }

    @Test
    @DisplayName("Should generate session key when requested")
    void testSessionKeyGeneration() throws Exception {
        // Given
        Type2Message type2 = createMockType2Message();
        int flags = NtlmFlags.NTLMSSP_NEGOTIATE_NTLM | NtlmFlags.NTLMSSP_NEGOTIATE_KEY_EXCH

	cred := globalActiveCred
	if err := signRequestV4(req, cred.AccessKey, cred.SecretKey); err != nil {
		t.Fatalf("Unable to initialized new signed http request %s", err)
	}
	return req
}

// Tests is requested authenticated function, tests replies for s3 errors.
func TestIsReqAuthenticated(t *testing.T) {
	ctx, cancel := context.WithCancel(GlobalContext)
	defer cancel()

	objLayer, fsDir, err := prepareFS(ctx)

		writeErrorResponseHeadersOnly(w, toAPIError(ctx, err))
		return
	}

	// s3zip does not allow ranges.
	w.Header().Del(xhttp.AcceptRanges)

	// Set any additional requested response headers.
	setHeadGetRespHeaders(w, r.Form)

	// Successful response.
	w.WriteHeader(http.StatusOK)
}

     *
     * SPNEGO authentication typically doesn't require special response handling
     * for metadata or logout operations, so this method returns null.
     *
     * @param responseType The type of SSO response requested
     * @return Always returns null for SPNEGO authentication
     */
    @Override
    public ActionResponse getResponse(final SsoResponseType responseType) {
        return null;
    }

    /**

    }

    /**
     * Adds a search log to the queue.
     *
     * @param params The search request parameters.
     * @param requestedTime The time the search was requested.
     * @param queryId The ID of the search query.
     * @param query The search query.
     * @param pageStart The starting page number.
     * @param pageSize The size of the page.

export MINIO_IDENTITY_OPENID_CONFIG_URL=https://accounts.google.com/.well-known/openid-configuration
export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
# Optional: Allow to specify the requested OpenID scopes (OpenID only requires the `openid` scope)
#export MINIO_IDENTITY_OPENID_SCOPES="openid,profile,email"
minio server /mnt/export
```

or using `mc`

```

     */
    int FLAGS_PATH_NAMES_CASELESS = 0x08;
    /**
     * Path names are canonicalized flag.
     */
    int FLAGS_PATH_NAMES_CANONICALIZED = 0x10;
    /**
     * Opportunistic lock requested or granted flag.
     */
    int FLAGS_OPLOCK_REQUESTED_OR_GRANTED = 0x20;
    /**
     * Notify client of any action which modified the file flag.
     */
    int FLAGS_NOTIFY_OF_MODIFY_ACTION = 0x40;
    /**