}

  @Test
  fun preserveQueryParamsAfterRedacted() {
    url =
      server.url(
        """/api/login?
      |user=test_user&
      |authentication=basic&
      |password=confidential_password&
      |authentication=rather simple login method
        """.trimMargin(),
      )
    val networkInterceptor =
      HttpLoggingInterceptor(networkLogs).setLevel(
        Level.BASIC,
      )

        authenticator.setResponseForType(SsoResponseType.METADATA, metadataResponse);

        String logoutUrl = "https://sso.example.com/logout";
        authenticator.setLogoutUrl(logoutUrl);

        // Execute authentication flow
        LoginCredential loginResult = authenticator.getLoginCredential();
        assertNotNull(loginResult);

        TestLoginCredentialResolver resolver = new TestLoginCredentialResolver();

        }
    }

    @Test
    @DisplayName("Should return false if neither renewable nor NTLM authentication succeeds")
    void testRenewCredentials_NoRenewalPossible() {
        // Ensure credentials are not renewable

        }
    }

    public void test_throwAndCatchAsFessSystemException() {
        // Test catching as parent exception type
        String type = "BasicAuth";
        String message = "Authentication failed";

        try {
            throw new InvalidAccessTokenException(type, message);
        } catch (FessSystemException e) {
            assertTrue(e instanceof InvalidAccessTokenException);

    }

    public void test_complexMessageCode() {
        // Setup - test with a complex message code that has parameters
        final String errorDetail = "Authentication failed";
        final VaMessenger<FessMessages> complexMessageCode =
                messages -> messages.addErrorsFailedToProcessSsoRequest(UserMessages.GLOBAL_PROPERTY_KEY, errorDetail);

In limited situations OkHttp will retry a route if connecting fails:

 * When making an HTTPS connection through an HTTP proxy, the proxy may issue an authentication challenge. OkHttp will call the proxy [authenticator](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-authenticator/) and try again.

		if ok {
			tc.FuncName = "handler.MetricsV3"
			tc.ResponseRecorder.LogErrBody = true
		}

		innerHandler.ServeHTTP(w, r)
	})

	// Add authentication
	h.auth(tracedHandler).ServeHTTP(w, r)

import jcifs.Address;
import jcifs.CIFSContext;
import jcifs.Configuration;
import jcifs.DialectVersion;
import jcifs.internal.smb2.nego.Smb2NegotiateResponse;

/**
 * Test Pre-Authentication Integrity improvements
 */
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
public class PreauthIntegrityTest {

    @Mock
    private CIFSContext context;

    @Mock

     *
     * @param sessionKey
     *            the session key for signing
     * @param dialect
     *            the SMB2 dialect version
     * @param preauthIntegrityHash
     *            the pre-authentication integrity hash (for SMB 3.1.1)
     * @throws GeneralSecurityException
     *             if the signing algorithm cannot be initialized
     *
     */

var errSessionPolicyTooLarge = errors.New("Session policy should not exceed 2048 characters")

// error returned in SFTP when user used public key without certificate
var errSftpPublicKeyWithoutCert = errors.New("public key authentication without certificate is not accepted")

// error returned in SFTP when user used certificate which does not contain principal(s)