Use `Response.challenges()` to get the schemes and realms of any authentication challenges. When fulfilling a `Basic` challenge, use `Credentials.basic(username, password)` to encode the request header.

=== ":material-language-kotlin: Kotlin"
    ```kotlin
      private val client = OkHttpClient.Builder()
          .authenticator(object : Authenticator {
            @Throws(IOException::class)

labels.menu_label_type=Label
labels.menu_key_match=Key Match
labels.menu_boost_document_rule=Document Boost
labels.menu_path_mapping=Path Mapping
labels.menu_web_authentication=Web Authentication
labels.menu_file_authentication=File Authentication
labels.menu_request_header=Request Header
labels.menu_duplicate_host=Duplicate Host
labels.menu_user=User
labels.menu_role=Role
labels.menu_group=Group
labels.menu_suggest=Suggest

import kotlin.text.Charsets.ISO_8859_1
import okhttp3.internal.unmodifiable

/**
 * An [RFC 7235][rfc_7235] challenge.
 *
 * [rfc_7235]: https://tools.ietf.org/html/rfc7235
 */
class Challenge(
  /** Returns the authentication scheme, like `Basic`. */
  @get:JvmName("scheme") val scheme: String,
  authParams: Map<String?, String>,
) {
  /**
   * Returns the auth params, including [realm] and [charset] if present, but as

        super();
    }

    /**
     * Behavior class for web configuration operations.
     */
    @Resource
    protected WebConfigBhv webConfigBhv;

    /**
     * Behavior class for web authentication operations.
     */
    @Resource
    protected WebAuthenticationBhv webAuthenticationBhv;

    /**
     * Behavior class for request header operations.
     */
    @Resource

#                                                 Permission
#                                                     ------

# Admin user names for authentication.
authentication.admin.users=admin
# Admin role names for authentication.
authentication.admin.roles=admin

# Default permissions for search roles.
role.search.default.permissions=
# Default display permissions for search roles.

    }

    public void test_throwAndCatch() {
        // Test throwing and catching the exception
        String expectedMessage = "LDAP authentication failed";
        try {
            throw new LdapOperationException(expectedMessage);
        } catch (LdapOperationException e) {
            assertEquals(expectedMessage, e.getMessage());

 */
package org.codelibs.fess.exception;

/**
 * Exception thrown during SSO (Single Sign-On) processing operations.
 *
 * This exception is used to indicate errors that occur during the execution
 * of SSO authentication and authorization processes. It extends FessSystemException
 * to provide consistent error handling within the Fess system for SSO-related
 * processing failures such as token validation errors, communication failures

import jakarta.servlet.ServletContext;

/**
 * Base action class for admin pages in Fess.
 * <p>
 * This abstract class provides common functionality for all admin actions,
 * including authentication, authorization, and HTML data setup.
 * </p>
 *
 */
public abstract class FessAdminAction extends FessBaseAction {

    /** Constant suffix for view names. */
    public static final String VIEW = "-view";

    // retry, we return true and try a new route.
    return true
  }

  /**
   * Figures out the HTTP request to make in response to receiving [userResponse]. This will
   * either add authentication headers, follow redirects or handle a client request timeout. If a
   * follow-up is either unnecessary or not applicable, this returns null.
   */
  @Throws(IOException::class)
  private fun followUpRequest(

   *
   *  * For redirects (301: Moved Permanently, 302: Temporary Redirect, etc.)
   *  * For auth challenges (401: Unauthorized, 407: Proxy Authentication Required.)
   *  * For client timeouts (408: Request Time-Out.)
   *  * For server failures (503: Service Unavailable.)
   *
   * Response header values like `Location` and `Retry-After` are also considered.
   *