update: keycloak binding documentation (#13894)

fpaupier 2021-12-14 03:23:16 +01:00 committed by GitHub
parent d422d24278
commit 40dbe243d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -4,7 +4,8 @@ Keycloak is an open source Identity and Access Management solution aimed at mode
## Prerequisites
Configure and install keycloak server by following [Keycloak Installation Guide](https://www.keycloak.org/docs/latest/getting_started/index.html) (finish upto section 3.4)
Configure and install keycloak server by following [Keycloak Installation Guide](https://www.keycloak.org/docs/latest/server_installation/#installing-the-software).
For a quick installation, docker-compose reference configs are also available on the [Keycloak GitHub](https://github.com/keycloak/keycloak-containers/tree/main/docker-compose-examples).
### Configure Keycloak Realm
- Go to Clients
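Review bot: the replacement prerequisite line drops the "finish upto section 3.4" stopping point without giving a new one, so a reader no longer knows how far into the Keycloak installation guide to go before returning to this document. Suggest stating the exit condition explicitly, e.g. "stop once the server is running and you can log in to the admin console", since the Configure Keycloak Realm steps below start directly at "Go to Clients". Minor: "keycloak server" should be "Keycloak server" to match the product name used elsewhere in the hunk.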
@ -27,7 +28,7 @@ Configure and install keycloak server by following [Keycloak Installation Guide]
- Save
- Go to Clients
- Client on `account`
- Click on `account`
- Mappers
- Create
- `Name` with any text
@ -37,7 +38,7 @@ Configure and install keycloak server by following [Keycloak Installation Guide]
- `Claim JSON Type` is `string`
- Save
- Open http://localhost:8080/auth/realms/minio/.well-known/openid-configuration to verify OpenID discovery document, verify it has `authorization_endpoint` and `jwks_uri`
- Open http://localhost:8080/auth/realms/{your-realm-name}/.well-known/openid-configuration to verify OpenID discovery document, verify it has `authorization_endpoint` and `jwks_uri`
### Enable Keycloak Admin REST API support
Before being able to authenticate against the Admin REST API using a client_id and a client_secret you need to make sure the client is configured as it follows:
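Review bot: `{your-realm-name}` is introduced here as a placeholder, but nothing in the visible Configure Keycloak Realm steps tells the reader to create or name a realm (the section begins at "Go to Clients"), and the value must match the realm used in the MinIO `config_url` later. Suggest adding an explicit "Create a realm" step that names the placeholder, and a sentence that the discovery URL's realm segment must be the same one configured in MinIO, otherwise the discovery document check that follows will succeed against the wrong realm.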
@ -116,7 +117,7 @@ MINIO_IDENTITY_OPENID_COMMENT (sentence) optionally add a comment to this
Set `identity_openid` config with `config_url`, `client_id` and restart MinIO
```
~ mc admin config set myminio identity_openid config_url="http://localhost:8080/auth/realms/minio/.well-known/openid-configuration" client_id="account"
~ mc admin config set myminio identity_openid config_url="http://localhost:8080/auth/realms/{your-realm-name}/.well-known/openid-configuration" client_id="account"
```
> NOTE: You can configure the `scopes` parameter to restrict the OpenID scopes requested by minio to the IdP, for example, `"openid,policy_role_attribute"`, being `policy_role_attribute` a client_scope / client_mapper that maps a role attribute called policy to a `policy` claim returned by Keycloak
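Review bot: the `config_url` example keeps a plain `http://localhost:8080` endpoint; since MinIO fetches the discovery document and, through its `jwks_uri`, the token-signing keys from this URL, it is worth a one-line note that anything other than a local test must use an `https://` URL for the realm, so that the keys cannot be substituted in transit. Also, the `{your-realm-name}` placeholder now sits inside a double-quoted shell argument; readers pasting the line literally will hit a realm named `{your-realm-name}`, so consider a comment above the command saying to substitute it. Style: the code fence has no language tag; `shell` would match the `~ mc admin config set` prompt shown.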