MockResponse(body = "c"),
    )
    val authenticator =
      RecordingOkAuthenticator(
        basic("jesse", "peanutbutter"),
        "Basic",
      )
    client =
      client
        .newBuilder()
        .authenticator(authenticator)
        .build()
    assertContent("c", getResponse(newRequest("/a")))
    val challengeResponse = authenticator.responses[0]
    assertThat(

        auth.refresh();
        Subject afterRefresh = auth.getSubject();
        // After refresh, may succeed or fail depending on JAAS configuration
        // Just verify that refresh doesn't break the authenticator
        assertNotNull(auth, "Authenticator should remain usable after refresh");
    }

    @Test
    @DisplayName("handle: sets NameCallback and PasswordCallback on happy path")

import org.lastaflute.web.response.ActionResponse;

/**
 * Interface for SSO (Single Sign-On) authenticator implementations.
 *
 * This interface defines the contract for SSO authentication providers that can be
 * integrated with Fess. Implementations handle specific SSO protocols like SAML,
 * OAuth, SPNEGO, or other authentication mechanisms. Each authenticator is responsible
 * for obtaining login credentials, resolving user information, and managing SSO

OkHttp URLConnection
====================

This module integrates OkHttp with `Authenticator` and `CookieHandler` from `java.net`.

This module is obsolete; prefer `okhttp-java-net-cookiejar`.

### Download

```kotlin
testImplementation("com.squareup.okhttp3:okhttp-urlconnection:5.3.0")

public final class okhttp3/JavaNetAuthenticator : okhttp3/Authenticator {
	public fun <init> ()V
	public fun authenticate (Lokhttp3/Route;Lokhttp3/Response;)Lokhttp3/Request;
}

public final class okhttp3/JavaNetCookieJar : okhttp3/CookieJar {
	public fun <init> (Ljava/net/CookieHandler;)V
	public fun loadForRequest (Lokhttp3/HttpUrl;)Ljava/util/List;
	public fun saveFromResponse (Lokhttp3/HttpUrl;Ljava/util/List;)V

import jakarta.annotation.PostConstruct;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

/**
 * Authenticator for SAML 2.0.
 *
 * <p>This authenticator enables Single Sign-On (SSO) using SAML 2.0 protocol
 * with Identity Providers such as Okta, Azure AD, OneLogin, etc.</p>
 *
 * <h2>Required Configuration</h2>

	public static final field JAVA_NET_AUTHENTICATOR Lokhttp3/Authenticator;
	public static final field NONE Lokhttp3/Authenticator;
	public abstract fun authenticate (Lokhttp3/Route;Lokhttp3/Response;)Lokhttp3/Request;
}

public final class okhttp3/Authenticator$Companion {
}

public final class okhttp3/Cache : java/io/Closeable, java/io/Flushable {
	public static final field Companion Lokhttp3/Cache$Companion;

 * When making an HTTPS connection through an HTTP proxy, the proxy may issue an authentication challenge. OkHttp will call the proxy [authenticator](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-authenticator/) and try again.

import com.google.common.io.BaseEncoding.DecodingException;

import jakarta.annotation.PostConstruct;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;

/**
 * OpenID Connect authenticator for SSO integration.
 */
public class OpenIdConnectAuthenticator implements SsoAuthenticator {

    /**
     * Default constructor.
     */
    public OpenIdConnectAuthenticator() {

import okhttp3.Request;
import okhttp3.Response;

public final class Authenticate {
  private final OkHttpClient client;

  public Authenticate() {
    client = new OkHttpClient.Builder()
        .authenticator((route, response) -> {
          if (response.request().header("Authorization") != null) {
            return null; // Give up, we've already attempted to authenticate.
          }