mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00

DOCS-476: OIDC, Keycloak, Dex, and Policy Variables (#735)

This commit is contained in:
Ravind Kumar
2023-03-24 18:39:50 -04:00
committed by GitHub
parent 12177544ba
commit b32d6167db
21 changed files with 1922 additions and 121 deletions


@ -2213,6 +2213,8 @@ configuration settings.
.. mc-conf:: claim_name
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-claim-name
:end-before: end-minio-openid-claim-name
@ -2223,13 +2225,24 @@ configuration settings.
.. mc-conf:: claim_prefix
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-claim-prefix
:end-before: end-minio-openid-claim-prefix
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_OPENID_CLAIM_PREFIX` environment variable.
.. mc-conf:: display_name
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-display-name
:end-before: end-minio-openid-display-name
.. mc-conf:: scopes
:delimiter: " "
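Review bot: the new `display_name` entry has no sentence tying it to its environment variable, unlike `claim_prefix` directly above it, which ends with "This configuration setting corresponds with the :envvar:`MINIO_IDENTITY_OPENID_CLAIM_PREFIX` environment variable." This commit also adds `MINIO_IDENTITY_OPENID_DISPLAY_NAME` to the environment variable reference, so add the matching cross-reference after the include here.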
@ -2245,7 +2258,6 @@ configuration settings.
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-redirect-uri
:end-before: end-minio-openid-redirect-uri
@ -2253,6 +2265,66 @@ configuration settings.
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_OPENID_REDIRECT_URI` environment variable.
.. mc-conf:: redirect_uri_dynamic
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-redirect-uri-dynamic
:end-before: end-minio-openid-redirect-uri-dynamic
This configuration setting corresponds with the :envvar:`MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC` environment variable.
.. mc-conf:: claim_userinfo
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-claim-userinfo
:end-before: end-minio-openid-claim-userinfo
This configuration setting corresponds with the :envvar:`MINIO_IDENTITY_OPENID_CLAIM_USERINFO` environment variable.
.. mc-conf:: vendor
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-vendor
:end-before: end-minio-openid-vendor
This configuration setting corresponds with the :envvar:`MINIO_IDENTITY_OPENID_VENDOR` environment variable.
.. mc-conf:: keycloak_realm
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-keycloak-realm
:end-before: end-minio-openid-keycloak-realm
This configuration setting corresponds with the :envvar:`MINIO_IDENTITY_OPENID_KEYCLOAK_REALM` environment variable.
Requires :mc-conf:`identity_openid.vendor` set to ``keycloak``.
.. mc-conf:: keycloak_admin_url
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-keycloak-admin-url
:end-before: end-minio-openid-keycloak-admin-url
This configuration setting corresponds with the :envvar:`MINIO_IDENTITY_OPENID_KEYCLOAK_ADMIN_URL` environment variable.
Requires :mc-conf:`identity_openid.vendor` set to ``keycloak``.
.. mc-conf:: comment
:delimiter: " "
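Review bot: `keycloak_realm` and `keycloak_admin_url` each state "Requires :mc-conf:`identity_openid.vendor` set to ``keycloak``", but the `vendor` entry does not point forward to them, so a reader who lands on `vendor` cannot tell from this page which settings depend on it. Add a sentence under `vendor` naming the two dependent settings. As a style point, the new "corresponds with" sentences are single long lines while the existing `redirect_uri` one wraps after "corresponds with the"; pick one convention for the file.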
@ -2262,4 +2334,76 @@ configuration settings.
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_OPENID_COMMENT` environment variable.
.. _minio-identity-management-plugin-settings:
Identity Management Plugin
~~~~~~~~~~~~~~~~~~~~~~~~~~
The following section documents settings for enabling external identity management using the MinIO Identity Management Plugin.
See :ref:`minio-external-identity-management-plugin` for a tutorial on using these configuration settings.
.. mc-conf:: identity_plugin
The top-level configuration key for enabling :ref:`minio-external-identity-management-plugin`.
Use :mc-cmd:`mc admin config set` to set or update the configuration.
The :mc-conf:`~identity_plugin.url` and :mc-conf:`~identity_plugin.role_policy` arguments are *required*.
Specify additional optional arguments as a whitespace (``" "``)-delimited list.
.. code-block:: shell
:class: copyable
mc admin config set identity_plugin \
url="https://external-auth.example.net:8080/auth" \
role_policy="consoleAdmin" \
[ARGUMENT=VALUE] ... \
The :mc-conf:`identity_plugin` configuration key supports the following arguments:
.. mc-conf:: url
:delimiter: " "
*Required*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-plugin-url
:end-before: end-minio-identity-management-plugin-url
.. mc-conf:: role_policy
:delimiter: " "
*Required*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-role-policy
:end-before: end-minio-identity-management-role-policy
.. mc-conf:: token
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-auth-token
:end-before: end-minio-identity-management-auth-token
.. mc-conf:: role_id
:delimiter: " "
:debug:
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-role-id
:end-before: end-minio-identity-management-role-id
.. mc-conf:: comment
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-comment
:end-before: end-minio-identity-management-comment
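Review bot: the copyable example ends with a dangling line continuation, `[ARGUMENT=VALUE] ... \`, with nothing after it; pasted into a shell this waits for more input or swallows the next line, so drop the final backslash. In the same hunk, `role_id` carries a `:debug:` option that no other `mc-conf` entry here has; it looks like a leftover from authoring and should be removed unless it is intentional. The example also uses `role_policy="consoleAdmin"`, which readers tend to copy verbatim; consider a placeholder policy name or a sentence that the policy applies to every identity the plugin authenticates. Finally, none of the `identity_plugin` arguments link to the `MINIO_IDENTITY_PLUGIN_*` variables added elsewhere in this commit, while every `identity_openid` argument does.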


@ -13,11 +13,11 @@
Syntax
------
.. start-mc-pipe-desc
.. start-mc-ping-desc
The :mc:`mc ping` command performs a liveness check on a specified target.
.. end-mc-pipe-desc
.. end-mc-ping-desc
.. tab-set::
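Review bot: renaming the markers from `start-mc-pipe-desc` / `end-mc-pipe-desc` to `start-mc-ping-desc` / `end-mc-ping-desc` breaks any `.. include::` that still uses the old names in `:start-after:` / `:end-before:`, and no such include is updated in the visible changes. Search the tree for `mc-pipe-desc` and confirm that the only remaining uses belong to the `mc pipe` page and that every include of the `mc ping` description uses the new markers.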


@ -2433,6 +2433,14 @@ identity management using an OpenID Connect (OIDC)-compatible provider. See
:mc-conf:`identity_openid claim_prefix
<identity_openid.claim_prefix>` setting.
.. envvar:: MINIO_IDENTITY_OPENID_DISPLAY_NAME
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-display-name
:end-before: end-minio-openid-display-name
.. envvar:: MINIO_IDENTITY_OPENID_SCOPES
*Optional*
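Review bot: `MINIO_IDENTITY_OPENID_DISPLAY_NAME` is added without the "This environment variable corresponds with the :mc-conf:`...` setting." sentence that the neighbouring entries carry (the context lines above it end with the `identity_openid.claim_prefix` reference). Add the cross-reference to `identity_openid.display_name` after the include so both directions of the mapping are documented.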
@ -2456,7 +2464,61 @@ identity management using an OpenID Connect (OIDC)-compatible provider. See
This environment variable corresponds with the
:mc-conf:`identity_openid scopes
<identity_openid.redirect_uri>` setting.
.. envvar:: MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-redirect-uri-dynamic
:end-before: end-minio-openid-redirect-uri-dynamic
This environment variable corresponds with the :mc-conf:`identity_openid redirect_uri_dynamic <identity_openid.redirect_uri_dynamic>` setting.
.. envvar:: MINIO_IDENTITY_OPENID_CLAIM_USERINFO
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-claim-userinfo
:end-before: end-minio-openid-claim-userinfo
This environment variable corresponds with the :mc-conf:`identity_openid claim_userinfo <identity_openid.claim_userinfo>` setting.
.. envvar:: MINIO_IDENTITY_OPENID_VENDOR
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-vendor
:end-before: end-minio-openid-vendor
This environment variable corresponds with the :mc-conf:`identity_openid vendor <identity_openid.vendor>` setting.
.. envvar:: MINIO_IDENTITY_OPENID_KEYCLOAK_REALM
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-keycloak-realm
:end-before: end-minio-openid-keycloak-realm
This environment variable corresponds with the :mc-conf:`identity_openid keycloak_realm <identity_openid.keycloak_realm>` setting.
Requires :envvar:`MINIO_IDENTITY_OPENID_VENDOR` set to ``keycloak``.
.. envvar:: MINIO_IDENTITY_OPENID_KEYCLOAK_ADMIN_URL
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-keycloak-admin-url
:end-before: end-minio-openid-keycloak-admin-url
This environment variable corresponds with the :mc-conf:`identity_openid keycloak_admin_url <identity_openid.keycloak_admin_url>` setting.
Requires :envvar:`MINIO_IDENTITY_OPENID_VENDOR` set to ``keycloak``.
.. envvar:: MINIO_IDENTITY_OPENID_COMMENT
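Review bot: the context lines at the top of this hunk read :mc-conf:`identity_openid scopes <identity_openid.redirect_uri>`, so the link text says `scopes` while the target is `identity_openid.redirect_uri`. Since the new entries are inserted directly after it, fix the label in this change so the rendered text matches the target setting. The two Keycloak variables document their dependency on `MINIO_IDENTITY_OPENID_VENDOR`, but the `MINIO_IDENTITY_OPENID_VENDOR` entry does not mention them; a short forward reference there would help.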
@ -2470,6 +2532,51 @@ identity management using an OpenID Connect (OIDC)-compatible provider. See
:mc-conf:`identity_openid comment
<identity_openid.comment>` setting.
.. _minio-server-envvar-external-identity-management-plugin:
MinIO Identity Management Plugin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. envvar:: MINIO_IDENTITY_PLUGIN_URL
*Required*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-plugin-url
:end-before: end-minio-identity-management-plugin-url
.. envvar:: MINIO_IDENTITY_PLUGIN_ROLE_POLICY
*Required*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-role-policy
:end-before: end-minio-identity-management-role-policy
.. envvar:: MINIO_IDENTITY_PLUGIN_TOKEN
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-auth-token
:end-before: end-minio-identity-management-auth-token
.. envvar:: MINIO_IDENTITY_PLUGIN_ROLE_ID
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-role-id
:end-before: end-minio-identity-management-role-id
.. envvar:: MINIO_IDENTITY_PLUGIN_COMMENT
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-identity-management-comment
:end-before: end-minio-identity-management-comment
Batch Replication
~~~~~~~~~~~~~~~~~
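Review bot: none of the five `MINIO_IDENTITY_PLUGIN_*` entries say which `identity_plugin` setting they correspond to, whereas every OpenID variable in this file ends with a "This environment variable corresponds with the :mc-conf:`...` setting." sentence. Add the equivalent line to each (for example :mc-conf:`identity_plugin url <identity_plugin.url>`). The section heading here is "MinIO Identity Management Plugin" while the configuration reference in this commit uses "Identity Management Plugin"; use one title in both places.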
@ -2477,4 +2584,4 @@ Batch Replication
*Optional*
Enable parallel workers by specifying the maximum number of processes to use when performing the batch application job.
Enable parallel workers by specifying the maximum number of processes to use when performing the batch application job.
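Review bot: the removed and added lines are textually identical, so this is a whitespace-only change, and the sentence still says "batch application job" under the "Batch Replication" heading. If "batch replication job" is what is meant, correct the wording while the line is being touched.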