MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 21:02:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Updates the usage documentation of OpenID custom scopes (#9902)

Browse Source
This commit is contained in:
Ivan Martinez-Ortiz
2020-06-24 16:49:09 +02:00
committed by GitHub
parent f4b2ed2a92
commit 969b2d2110
3 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/sts/keycloak.md
View File

@@ -57,6 +57,7 @@ Set `identity_openid` config with `config_url`, `client_id` and restart MinIO
```
~ mc admin config set myminio identity_openid config_url="http://localhost:8080/auth/realms/demo/.well-known/openid-configuration" client_id="account"
```
> Note: You can configure the `scopes` parameter to restrict the OpenID scopes requested by minio to the IdP, for example, `"openid,policy_role_attribute"`, being `policy_role_attribute` a client_scope / client_mapper that maps a role attribute called policy to a `policy` claim returned by Keycloak
Once successfully set restart the MinIO instance.
```
@@ -87,6 +88,8 @@ This will open the login page of keycloak, upon successful login, STS credential
}
```
> Note: You can use the `-cscopes` parameter to restrict the requested scopes, for example to `"openid,policy_role_attribute"`, being `policy_role_attribute` a client_scope / client_mapper that maps a role attribute called policy to a `policy` claim returned by Keycloak.
These credentials can now be used to perform MinIO API operations.
## 5. Using MinIO Browser