mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00

Fixes for missing or bugs in the custom token STS docs (#1479)

- Adds that `idmp-` string is added to `ROLE_ID` when generating an ARN
- Updates claims example in the plugin docs to be JSON instead of basic
comma-delimited key-value pairs
Daryl White
2025-07-06 15:43:45 -04:00
committed by GitHub
parent 3fec026a95
commit ef4faab6d8
3 changed files with 6 additions and 2 deletions


@ -75,7 +75,7 @@ The login flow for an application is as follows:
{ {
"user": "<string>", "user": "<string>",
"maxValiditySeconds": 3600, "maxValiditySeconds": 3600,
"claims": "KEY=VALUE,[KEY=VALUE,...]" "claims": {"KEY": "VALUE", ...}
} }
.. list-table:: .. list-table::
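Review bot: In the request-body example, the new `"claims": {"KEY": "VALUE", ...}` line keeps a literal `...` inside the object, so the block is not valid JSON as written, and it departs from the `<string>` placeholder style used for `user` two lines above. Suggest `"claims": {"<key>": "<value>"}` and saying in the table below that further pairs may follow. The example shows only string values; if the plugin accepts numbers, booleans or arrays as claim values, state that here, since applications will map these claims to policy decisions.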
@ -90,7 +90,7 @@ The login flow for an application is as follows:
- The maximum allowed expiry duration for the returned credentials - The maximum allowed expiry duration for the returned credentials
* - ``claims`` * - ``claims``
- A list of key-value pair claims associated with the requested credentials. - A JSON string of ``"key": "value"`` pair claims associated with the requested credentials.
MinIO reserves and ignores the ``exp``, ``parent``, and ``sub`` claims objects if present. MinIO reserves and ignores the ``exp``, ``parent``, and ``sub`` claims objects if present.
4. MinIO returns a response to the STS API request that includes temporary credentials for use with making authenticated requests. 4. MinIO returns a response to the STS API request that includes temporary credentials for use with making authenticated requests.
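Review bot: The new `claims` description reads "A JSON string of ``"key": "value"`` pair claims", but the example in the previous hunk shows a JSON object, and "JSON string" can be read as a string-encoded value much like the comma-delimited form being removed. Suggest "A JSON object of key-value pair claims associated with the requested credentials." The unchanged next line still says "claims objects" for `exp`, `parent` and `sub`, which are keys inside that object; rewording it to "claims" in the same change would keep the two sentences consistent.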


@ -67,6 +67,9 @@ This endpoint supports the following query parameters:
See :envvar:`MINIO_IDENTITY_PLUGIN_ROLE_ID` or :mc-conf:`identity_plugin role_id <identity_plugin.role_id>` for more information. See :envvar:`MINIO_IDENTITY_PLUGIN_ROLE_ID` or :mc-conf:`identity_plugin role_id <identity_plugin.role_id>` for more information.
Note that MinIO automatically prepends ``idmp-`` to a configured ``ROLE_ID`` when generating the RoleArn.
Include that string with the ``ROLE_ID`` if required.
* - ``DurationSeconds`` * - ``DurationSeconds``
- integer - integer
- *Optional* - *Optional*
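Review bot: The second added sentence, "Include that string with the ``ROLE_ID`` if required.", does not say where the string is to be included or when it is required. Read next to "MinIO automatically prepends ``idmp-``", it can be taken as an instruction to put `idmp-` into the configured `ROLE_ID`, which is the opposite of what the first sentence implies. Suggest stating directly which value carries the prefix (the RoleArn passed to this endpoint) and which does not (the configured `ROLE_ID`), and adding one sample RoleArn so readers can compare it with what they pass. The added lines also sit inside a list-table cell, so their indentation should match the preceding "See :envvar:..." line; that cannot be confirmed from this view.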


@ -422,6 +422,7 @@ Specify a comma-separated list of MinIO :ref:`policies <minio-policy>` to assign
.. start-minio-identity-management-role-id .. start-minio-identity-management-role-id
Specify a unique ID MinIO uses to generate an ARN for this identity manager. Specify a unique ID MinIO uses to generate an ARN for this identity manager.
MinIO automatically adds an ``idmp-`` prefix to the specified ID when generating the ARN.
If omitted, MinIO automatically generates the ID and prints the full ARN to the server log. If omitted, MinIO automatically generates the ID and prints the full ARN to the server log.
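Review bot: The added sentence lands directly before "If omitted, MinIO automatically generates the ID and prints the full ARN to the server log.", and the snippet does not say whether an auto-generated ID also receives the `idmp-` prefix. Suggest covering both cases in one place, for example by noting that the ARN printed to the server log already contains the prefix. The STS page in this same commit says "prepends ``idmp-``" while this one says "adds an ``idmp-`` prefix"; using one wording in both files makes the two easier to search for together.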