feat: Add support to poll users on external SSO (#12592)

Additional support for vendor-specific admin API integrations for OpenID, to ensure validity of credentials on MinIO. Every 5minutes check for validity of credentials on MinIO with vendor specific IDP.
2025-11-07 21:02:58 -05:00 · 2021-07-09 11:17:21 -07:00
parent b79cdc1611
commit 28adb29db3
10 changed files with 494 additions and 68 deletions
--- a/cmd/sts-handlers.go
+++ b/cmd/sts-handlers.go
@@ -68,6 +68,16 @@ const (
 	ldapUsername = "ldapUsername"
 )

+func parseOpenIDParentUser(parentUser string) (userID string, err error) {
+	if strings.HasPrefix(parentUser, "jwt:") {
+		tokens := strings.SplitN(strings.TrimPrefix(parentUser, "jwt:"), ":", 2)
+		if len(tokens) == 2 {
+			return tokens[0], nil
+		}
+	}
+	return "", errSkipFile
+}
+
 // stsAPIHandlers implements and provides http handlers for AWS STS API.
 type stsAPIHandlers struct{}