</Credentials>
   </AssumeRoleWithCertificateResult>
   <ResponseMetadata>
      <RequestId>169339CD8B3A6948</RequestId>
   </ResponseMetadata>
</AssumeRoleWithCertificateResponse>
```

## Authentication Flow

A client can request temp. S3 credentials via the STS API. It can authenticate via a client certificate and obtain a access/secret key pair as well as a session token. These credentials are associated to an S3 policy at the MinIO server.

        String logoutUrl = "https://sso.example.com/logout";
        authenticator.setLogoutUrl(logoutUrl);

        // Execute authentication flow
        LoginCredential loginResult = authenticator.getLoginCredential();
        assertNotNull(loginResult);

        TestLoginCredentialResolver resolver = new TestLoginCredentialResolver();

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;

/**
 * Azure Active Directory (Azure AD) SSO authenticator implementation.
 * Handles OAuth2/OpenID Connect authentication flow with Azure AD.
 */
public class AzureAdAuthenticator implements SsoAuthenticator {

    private static final Logger logger = LogManager.getLogger(AzureAdAuthenticator.class);

    /**

 * of EventBus may be better written using <a
 * href="https://kotlinlang.org/docs/coroutines-guide.html">Kotlin coroutines</a>, including <a
 * href="https://kotlinlang.org/docs/flow.html">Flow</a> and <a
 * href="https://kotlinlang.org/docs/channels.html">Channels</a>. Yet other usages are better served
 * by individual libraries that provide specialized support for particular use cases.
 *

        verify(response).flushBuffer();
    }

    /**
     * Test doGet with NTLM authentication for directory listing
     * This test verifies the authentication flow without actual network operations
     */
    @Test
    void testDoGet_DirectoryListing() throws Exception {
        // Create a test-specific NetworkExplorer that mocks file operations

Subclass [EventListener](https://square.github.io/okhttp/3.x/okhttp/okhttp3/EventListener.html) and override methods for the events you are interested in. In a successful HTTP call with no redirects or retries the sequence of events is described by this flow.

![Events Diagram](../assets/images/******@****.***)

may be a (possibly <a href="#Labeled_statements">labeled</a>)
<a href="#Fallthrough_statements">"fallthrough" statement</a> to
indicate that control should flow from the end of this clause to
the first statement of the next clause.
Otherwise control flows to the end of the "switch" statement.
A "fallthrough" statement may appear as the last statement of all
but the last clause of an expression switch.
</p>

<p>

        assertDoesNotThrow(() -> spiedConnection.getInputStream());
    }

    /**
     * Test a successful NTLM authentication handshake.
     * This is a simplified test that verifies the basic flow without full NTLM protocol simulation.
     * @throws IOException
     * @throws SecurityException
     */
    @Test
    void testSuccessfulHandshake() throws IOException, SecurityException {

 *  Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this
    happened enough then eventually the connection would stall.

 *  Fix: Acknowledge and apply inbound HTTP/2 settings atomically. Previously we had a race where we
    could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to
    fail the call.

            ctx.verifyMIC(new byte[] { 5 }, mic);
            ctx.isMICAvailable();
            ctx.dispose();
        }

        @Test
        @DisplayName("Verifies calls and argument flow across methods")
        void testInteractions() throws Exception {
            // Arrange
            when(mockCtx.getSigningKey()).thenReturn(new byte[] { 7 });
            when(mockCtx.isEstablished()).thenReturn(true);