mirror of
https://github.com/minio/minio.git
synced 2025-01-18 10:13:16 -05:00
464b9d7c80
- Adds an STS API `AssumeRoleWithCustomToken` that can be used to authenticate via the Id. Mgmt. Plugin. - Adds a sample identity manager plugin implementation - Add doc for plugin and STS API - Add an example program using go SDK for AssumeRoleWithCustomToken
3.0 KiB
3.0 KiB
AssumeRoleWithCustomToken
Introduction
To integrate with custom authentication methods using the Identity Management Plugin), MinIO provides an STS API extension called AssumeRoleWithCustomToken
.
After configuring the plugin, use the generated Role ARN with AssumeRoleWithCustomToken
to get temporary credentials to access object storage.
API Request
To make an STS API request with this method, send a POST request to the MinIO endpoint with following query parameters:
Parameter | Type | Required | |
---|---|---|---|
Action | String | Yes | Value must be AssumeRoleWithCustomToken |
Version | String | Yes | Value must be 2011-06-15 |
Token | String | Yes | Token to be authenticated by identity plugin |
RoleArn | String | Yes | Must match the Role ARN generated for the identity plugin |
DurationSeconds | Integer | No | Duration of validity of generated credentials. Must be at least 900. |
The validity duration of the generated STS credentials is the minimum of the DurationSeconds
parameter (if passed) and the validity duration returned by the Identity Management Plugin.
API Response
XML response for this API is similar to AWS STS AssumeRoleWithWebIdentity
Example request and response
Sample request with curl
:
curl -XPOST 'http://localhost:9001/?Action=AssumeRoleWithCustomToken&Version=2011-06-15&Token=aaa&RoleArn=arn:minio:iam:::role/idmp-vGxBdLkOc8mQPU1-UQbBh-yWWVQ'
Prettified Response:
<?xml version="1.0" encoding="UTF-8"?>
<AssumeRoleWithCustomTokenResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<AssumeRoleWithCustomTokenResult>
<Credentials>
<AccessKeyId>24Y5H9VHE14H47GEOKCX</AccessKeyId>
<SecretAccessKey>H+aBfQ9B1AeWWb++84hvp4tlFBo9aP+hUTdLFIeg</SecretAccessKey>
<Expiration>2022-05-25T19:56:34Z</Expiration>
<SessionToken>eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiIyNFk1SDlWSEUxNEg0N0dFT0tDWCIsImV4cCI6MTY1MzUwODU5NCwiZ3JvdXBzIjpbImRhdGEtc2NpZW5jZSJdLCJwYXJlbnQiOiJjdXN0b206QWxpY2UiLCJyb2xlQXJuIjoiYXJuOm1pbmlvOmlhbTo6OnJvbGUvaWRtcC14eHgiLCJzdWIiOiJjdXN0b206QWxpY2UifQ.1tO1LmlUNXiy-wl-ZbkJLWTpaPlhaGqHehsi21lNAmAGCImHHsPb-GA4lRq6GkvHAODN5ZYCf_S-OwpOOdxFwA</SessionToken>
</Credentials>
<AssumedUser>custom:Alice</AssumedUser>
</AssumeRoleWithCustomTokenResult>
<ResponseMetadata>
<RequestId>16F26E081E36DE63</RequestId>
</ResponseMetadata>
</AssumeRoleWithCustomTokenResponse>