### Use cases: external service { #use-cases-external-service }

An example could be that you have an external authentication provider that you need to call.

You send it a token and it returns an authenticated user.

labels.menu_label_type=Label
labels.menu_key_match=Key Match
labels.menu_boost_document_rule=Document Boost
labels.menu_path_mapping=Path Mapping
labels.menu_web_authentication=Web Authentication
labels.menu_file_authentication=File Authentication
labels.menu_request_header=Request Header
labels.menu_duplicate_host=Duplicate Host
labels.menu_user=User
labels.menu_role=Role
labels.menu_group=Group
labels.menu_suggest=Suggest

import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;

/**
 * Test suite for jcifs.smb1.https.Handler class.
 * Tests HTTPS URL stream handler functionality with NTLM authentication support.
 */
@DisplayName("SMB1 HTTPS Handler Tests")
class HandlerTest {

    private Handler handler;

    @BeforeEach
    void setUp() {
        handler = new Handler();
    }

    @Nested

import org.bouncycastle.asn1.DERBitString;

import jcifs.pac.ASN1Util;
import jcifs.pac.PACDecodingException;

/**
 * Represents a Kerberos AP-REQ (Application Request) message.
 * This class parses and contains the authentication request sent from a client to a server.
 */
public class KerberosApRequest {

    private byte apOptions;
    private KerberosTicket ticket;

    /**
     * Creates a Kerberos AP request from a token.

import jcifs.internal.smb2.ServerMessageBlock2Response;
import jcifs.internal.util.SMBUtil;
import jcifs.smb.NtStatus;

/**
 * SMB2 Session Setup response message. This response contains the server's authentication
 * challenge or confirms successful session establishment.
 *
 * @author mbechler
 *
 */
public class Smb2SessionSetupResponse extends ServerMessageBlock2Response {

    /**

import kotlin.text.Charsets.ISO_8859_1
import okhttp3.internal.unmodifiable

/**
 * An [RFC 7235][rfc_7235] challenge.
 *
 * [rfc_7235]: https://tools.ietf.org/html/rfc7235
 */
class Challenge(
  /** Returns the authentication scheme, like `Basic`. */
  @get:JvmName("scheme") val scheme: String,
  authParams: Map<String?, String>,
) {
  /**
   * Returns the auth params, including [realm] and [charset] if present, but as

import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BERTags;

import jcifs.pac.ASN1Util;
import jcifs.pac.PACDecodingException;

/**
 * Represents a Kerberos authentication token.
 */
public class KerberosToken {

    private KerberosApRequest apRequest;

    /**
     * Constructs a KerberosToken from token bytes.
     *
     * @param token the token bytes

    // retry, we return true and try a new route.
    return true
  }

  /**
   * Figures out the HTTP request to make in response to receiving [userResponse]. This will
   * either add authentication headers, follow redirects or handle a client request timeout. If a
   * follow-up is either unnecessary or not applicable, this returns null.
   */
  @Throws(IOException::class)
  private fun followUpRequest(

        assertFalse(exception.isAuthenticationError());
        assertFalse(exception.isFileSystemError());
        assertFalse(exception.isTransientError());

        // Authentication error
        exception = new SmbOperationException(SmbOperationException.ErrorCode.INVALID_CREDENTIALS, "Bad password");
        assertFalse(exception.isNetworkError());
        assertTrue(exception.isAuthenticationError());

```
export MINIO_ETCD_ENDPOINTS=http://localhost:2379
minio server /data
```

NOTE: If `etcd` is configured with `Client-to-server authentication with HTTPS client certificates` then you need to use additional envs such as `MINIO_ETCD_CLIENT_CERT` pointing to path to `etcd-client.crt` and `MINIO_ETCD_CLIENT_CERT_KEY` path to `etcd-client.key` .

### 4. Test with MinIO STS API