---------------------

The above scenario is representative of most TLS set ups: the client uses certificates to validate
the identity of a server. The converse is also possible. Here we create a server that authenticates
a client and a client that authenticates a server.

```java
// Create the root for client and server to trust. We could also use different roots for each!
HeldCertificate rootCertificate = new HeldCertificate.Builder()

        // Setup
        OpenIdConnectAuthenticator authenticator = new OpenIdConnectAuthenticator();
        final Map<String, Object> attributes = new HashMap<>();
        String jwtClaim =
                "{\"email\":\"******@****.***\",\"sub\":\"1234567890\",\"name\":\"John Doe\",\"groups\":[\"group1\",\"group2\"]}";

        // Execute
        authenticator.parseJwtClaim(jwtClaim, attributes);

        // Verify

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

/**
 * NTLMSSP AV pair representing target name information in NTLM authentication.
 * Contains the name of the target server or service being authenticated against.
 *
 * @author mbechler
 */
public class AvTargetName extends AvPair {

    /**
     *
     */
    private static final Charset UTF16LE = StandardCharsets.UTF_16LE;

    /**

        assertFalse(session.isSignatureSetupRequired());
    }

    @Test
    @DisplayName("reauthenticate propagates transport failures")
    void testReauthenticatePropagates() throws Exception {
        SmbSessionImpl session = newSession();
        // Cause the inner reauthenticate to fail at first transport call
        when(transport.getNegotiateResponse()).thenThrow(new SmbException("fail"));

            }
        }
        return isBind;
    }

    /**
     * Authenticates a user with the specified username and password against LDAP.
     *
     * @param username the username for authentication
     * @param password the password for authentication
     * @return an optional containing the authenticated user if successful, empty otherwise
     */

        auth.refresh();
        Subject afterRefresh = auth.getSubject();
        // After refresh, may succeed or fail depending on JAAS configuration
        // Just verify that refresh doesn't break the authenticator
        assertNotNull(auth, "Authenticator should remain usable after refresh");
    }

    @Test
    @DisplayName("handle: sets NameCallback and PasswordCallback on happy path")

| Version         | String  | Yes      | Value must be `2011-06-15`                                           |
| Token           | String  | Yes      | Token to be authenticated by identity plugin                         |
| RoleArn         | String  | Yes      | Must match the Role ARN generated for the identity plugin            |

import org.lastaflute.web.response.ActionResponse;

/**
 * Interface for SSO (Single Sign-On) authenticator implementations.
 *
 * This interface defines the contract for SSO authentication providers that can be
 * integrated with Fess. Implementations handle specific SSO protocols like SAML,
 * OAuth, SPNEGO, or other authentication mechanisms. Each authenticator is responsible
 * for obtaining login credentials, resolving user information, and managing SSO

## Healthcheck Probe

MinIO server has two healthcheck related un-authenticated endpoints, a liveness probe to indicate if server is responding, cluster probe to check if server can be taken down for maintenance.

- Liveness probe available at `/minio/health/live`

import jakarta.annotation.PostConstruct;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

/**
 * Authenticator for SAML.
 */
public class SamlAuthenticator implements SsoAuthenticator {

    /**
     * Constructor.
     */
    public SamlAuthenticator() {
        super();
    }