*/
package jcifs.pac.kerberos;

/**
 * Constants used in Kerberos protocol implementation.
 */
public interface KerberosConstants {

    /** Kerberos OID identifier */
    String KERBEROS_OID = "1.2.840.113554.1.2.2";
    /** Kerberos protocol version */
    String KERBEROS_VERSION = "5";

    /** Kerberos AP-REQ message type */
    String KERBEROS_AP_REQ = "14";

	"http://dbflute.org/meta/lastadi10.dtd">
<components>
	<component name="aadAuthenticator" class="org.codelibs.fess.sso.aad.AzureAdAuthenticator">
	</component>
	<component name="oicAuthenticator" class="org.codelibs.fess.sso.oic.OpenIdConnectAuthenticator">
	</component>
	<component name="samlAuthenticator" class="org.codelibs.fess.sso.saml.SamlAuthenticator">
	</component>

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.sso.oic;

import static org.junit.Assert.assertArrayEquals;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import org.codelibs.fess.app.web.base.login.OpenIdConnectCredential;

    /**
     * The NTLMSSP OID (1.3.6.1.4.1.311.2.2.10) used in SPNEGO negotiation.
     */
    public static ASN1ObjectIdentifier NTLMSSP_OID;

    static {
        try {
            NTLMSSP_OID = new ASN1ObjectIdentifier("1.3.6.1.4.1.311.2.2.10");
        } catch (final IllegalArgumentException e) {
            log.error("Failed to parse OID", e);
        }
    }

field, [`Policies`](/pkg/crypto/x509/#Certificate.Policies), which supports
certificate policy OIDs with components larger than 31 bits. By default this
field is only used during parsing, when it is populated with policy OIDs, but
not used during marshaling. It can be used to marshal these larger OIDs, instead
of the existing PolicyIdentifiers field, by using the
[`x509usepolicies` setting](/pkg/crypto/x509/#CreateCertificate).

                || "ldap.admin.security.credentials".equals(key) //
                || "spnego.preauth.password".equals(key) //
                || "app.cipher.key".equals(key) //
                || "oic.client.id".equals(key) //
                || "oic.client.secret".equals(key);
    }

    /**
     * Gets a list of items relevant for bug reports.
     *
     * @return list of bug report items
     */

- Kube-apiserver: fixes a 1.32+ regression validating OIDC and anonymous authentication flags are mutually exclusive to authentication configuration. Fixes an issue where the kube-apiserver `/flagz` endpoint would not respond correctly with parsed flags value. ([#130332](https://github.com/kubernetes/kube...

    static {
        try {
            SPNEGO_MECH_OID = new ASN1ObjectIdentifier("1.3.6.1.5.5.2");
        } catch (final IllegalArgumentException e) {
            log.error("Failed to initialize OID", e);
        }
    }

    private final SSPContext mechContext;

    private boolean firstResponse = true;
    private boolean completed;

    private ASN1ObjectIdentifier[] mechs;

* Bug fixes:

  * Make gcp auth provider not to override the Auth header if it's already exits ([#45575](https://github.com/kubernetes/kubernetes/pull/45575), [@wanghaoran1988](https://github.com/wanghaoran1988))

  * The oidc client plugin has reduce round trips and fix scopes requested ([#45317](https://github.com/kubernetes/kubernetes/pull/45317), [@ericchiang](https://github.com/ericchiang))

            final ASN1ObjectIdentifier spnego = (ASN1ObjectIdentifier) vec.getObjectAt(0);
            if (!SPNEGO_OID.equals(spnego)) {
                throw new IOException("Malformed SPNEGO token, OID " + spnego);
            }
            ASN1TaggedObject tagged = (ASN1TaggedObject) vec.getObjectAt(1);
            if (tagged.getTagNo() != 0) {