} catch (final Exception e) {
            throw new SsoLoginException("Failed to parse an authentication response.", e);
        }
    }

    /**
     * Validates the nonce in the authentication result.
     * @param stateData The stored state data containing the expected nonce.
     * @param authData The authentication result containing the actual nonce.
     */

## Introduction

MinIO provides a custom STS API that allows authentication with client X.509 / TLS certificates.

A major advantage of certificate-based authentication compared to other STS authentication methods, like OpenID Connect or LDAP/AD, is that client authentication works without any additional/external component that must be constantly available. Therefore, certificate-based authentication may provide better availability / lower operational complexity.

    static final HashFunction SHA_512 =
        new MessageDigestHashFunction("SHA-512", "Hashing.sha512()");
  }

  /**
   * Returns a hash function implementing the Message Authentication Code (MAC) algorithm, using the
   * MD5 (128 hash bits) hash function and the given secret key.
   *
   * <p>If you are designing a new system that needs HMAC, prefer {@link #hmacSha256} or other

    static final NtlmPasswordAuthentication DEFAULT = new NtlmPasswordAuthentication(null);

    /** The authentication domain */
    String domain;
    /** The username for authentication */
    String username;
    /** The password for authentication */
    String password;
    /** The ANSI password hash */
    byte[] ansiHash;
    /** The Unicode password hash */
    byte[] unicodeHash;

```

Refer [Prometheus documentation](https://prometheus.io/docs/introduction/first_steps/) for more details.

### 2. Configure authentication type for Prometheus metrics

MinIO supports two authentication modes for Prometheus either `jwt` or `public`, by default MinIO runs in `jwt` mode. To allow public access without authentication for prometheus metrics set environment as follows.

```
export MINIO_PROMETHEUS_AUTH_TYPE="public"
minio server ~/test

import org.lastaflute.web.response.ActionResponse;

/**
 * Manager class for coordinating SSO (Single Sign-On) authentication operations.
 *
 * This class serves as the central coordinator for SSO authentication in Fess.
 * It manages registered SSO authenticators, determines when SSO is available,
 * and delegates authentication operations to the appropriate SSO provider based
 * on the current configuration.
 */
public class SsoManager {

import jakarta.annotation.Resource;

/**
 * Service class for managing user operations in the Fess search system.
 * This service provides CRUD operations for user management, including user authentication,
 * password management, and user listing with pagination support.
 *
 */
public class UserService {

    /**
     * Default constructor for UserService.
     */
    public UserService() {

     *
     * @param serviceName
     *            JAAS configuration name
     * @param domain the domain for authentication
     * @param username the username for authentication
     * @param password the password for authentication
     */
    public JAASAuthenticator(String serviceName, String domain, String username, String password) {
        super(null, domain, username, password);

 */
package org.codelibs.fess.app.web.admin.webauth;

/**
 * The search form for Web Authentication.
 */
public class SearchForm {

    /**
     * Default constructor for SearchForm.
     */
    public SearchForm() {
    }

    /**
     * The ID field for searching web authentication settings.
     */
    public String id;

import org.codelibs.fess.app.web.api.admin.BaseSearchBody;

/**
 * Search request body for file authentication administration API.
 */
public class SearchBody extends BaseSearchBody {

    /**
     * Default constructor.
     */
    public SearchBody() {
        super();
    }

    /** File authentication configuration ID */
    public String id;