Implement AssumeRole API for Minio users (#7267)

For actual API reference read here https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html Documentation is added and updated as well at docs/sts/assume-role.md Fixes #6381
2025-12-04 23:02:31 -05:00 · 2019-02-27 17:46:55 -08:00
parent ce588d1489
commit c3ca954684
27 changed files with 446 additions and 89 deletions
--- a/docs/sts/wso2.md
+++ b/docs/sts/wso2.md
@@ -60,11 +60,11 @@ The access token received is a signed JSON Web Token (JWT). Use a JWT decoder to
 |iat| _integer_ |	The token issue time. |
 |exp| _integer_ |	The token expiration time. |
 |jti| _string_ | Unique identifier for the JWT token. |
-|policy| _string_ | Canned policy name to be applied for STS credentials. (Optional) |
+|policy| _string_ | Canned policy name to be applied for STS credentials. (Recommended) |

 Using the above `access_token` we can perform an STS request to Minio to get temporary credentials for Minio API operations. Minio STS API uses [JSON Web Key Set Endpoint](https://docs.wso2.com/display/IS541/JSON+Web+Key+Set+Endpoint) to validate if JWT is valid and is properly signed.

-Optionally you can also configure `policy` as a custom claim for the JWT service provider follow [here](https://docs.wso2.com/display/IS550/Configuring+Claims+for+a+Service+Provider) and [here](https://docs.wso2.com/display/IS550/Handling+Custom+Claims+with+the+JWT+Bearer+Grant+Type) for relevant docs on how to configure claims for a service provider.
+**We recommend setting `policy` as a custom claim for the JWT service provider follow [here](https://docs.wso2.com/display/IS550/Configuring+Claims+for+a+Service+Provider) and [here](https://docs.wso2.com/display/IS550/Handling+Custom+Claims+with+the+JWT+Bearer+Grant+Type) for relevant docs on how to configure claims for a service provider.**

 ### 5. Setup Minio with JWKS URL
 Minio server expects environment variable for JWKS url as `MINIO_IAM_JWKS_URL`, this environment variable takes a single entry.