func registerHealthCheckRouter(router *mux.Router) {
	// Healthcheck router
	healthRouter := router.PathPrefix(healthCheckPathPrefix).Subrouter()

	// Cluster check handler to verify cluster is active
	healthRouter.Methods(http.MethodGet).Path(healthCheckClusterPath).HandlerFunc(httpTraceAll(ClusterCheckHandler))

    data = {'grant_type': 'authorization_code',
            'code': authorization_code, 'redirect_uri': callback_uri}
    id_token_response = requests.post(
        token_url, data=data, verify=False,
        allow_redirects=False, auth=(client_id, client_secret))

    print('body: ' + id_token_response.text)

    # we can now use the id_token as much as we want to access protected resources.

    val signedData = CertificateAdapters.tbsCertificate.toDer(tbsCertificate)

    return Signature.getInstance(tbsCertificate.signatureAlgorithmName).run {
      initVerify(issuer)
      update(signedData.toByteArray())
      verify(signatureValue.byteString.toByteArray())
    }
  }

  fun toX509Certificate(): X509Certificate {
    val data = CertificateAdapters.certificate.toDer(this)
    try {

     * This test ensures that the constructor runs without errors and correctly initializes the object.
     * The wildcard parameter is stored but its filtering logic is handled server-side,
     * so we only verify its acceptance here.
     */
    @Test
    void testConstructor() {
        // The constructor should not throw any exceptions with valid inputs.
        new DosFileFilter("*.*", SmbFile.ATTR_ARCHIVE);

    
    // Simulate cluster failover (would require test environment setup)
    // ... trigger server failover ...
    
    // Verify that witness notification was received and handled
    assertTrue(listener.waitForNotification(30000));  // 30 second timeout
    
    // Verify file is still accessible after failover
    assertTrue(file.exists());
}

@Test

        registration.updateHeartbeat();

        // After update, should not be expired with long timeout
        assertFalse(registration.isExpired(60000));

        // Verify heartbeat was actually updated
        assertTrue(registration.getLastHeartbeat() > initialTime);
    }

    @Test
    void testExpiration() throws InterruptedException {

				encrd, objectEncryptionKey, err := newEncryptReader(ctx, hr, opts.Kind, opts.KeyID, opts.Key, bucket, req.Key, userDefined, opts.KmsCtx)
				if err != nil {
					errs[idx] = err
					return
				}

				// do not try to verify encrypted content/
				hr, err = hash.NewReader(ctx, encrd, -1, "", "", -1)
				if err != nil {
					errs[idx] = err
					return
				}

				reader, err = reader.WithEncryption(hr, &objectEncryptionKey)

    - `Token Claim Name` is `policy`
    - `Claim JSON Type` is `string`
  - Save

- Open <http://localhost:8080/auth/realms/{your-realm-name}/.well-known/openid-configuration> to verify OpenID discovery document, verify it has `authorization_endpoint` and `jwks_uri`

### Enable Keycloak Admin REST API support

    // Test serialization
    public void xtest_serialization() {
        // Verify that serialVersionUID is defined
        assertTrue(fessEnv instanceof java.io.Serializable);

        // Test that the SimpleImpl class can be instantiated
        FessEnv.SimpleImpl newInstance = new FessEnv.SimpleImpl();
        assertNotNull(newInstance);

        // Verify default values work for new instance

sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS
tls_skip_verify  (on|off)    trust server TLS without verification, defaults to "on" (verify)
client_tls_cert  (path)      path to client certificate for mTLS auth
client_tls_key   (path)      path to client key for mTLS auth
version          (string)    specify the version of the Kafka cluster