mirror of
https://github.com/minio/docs.git
synced 2025-07-31 18:04:52 +03:00
Further removal of legacy console references
@ -79,24 +79,7 @@ Replace ``POLICY`` with the name of the MinIO policy to assign to the user or gr
|
||||
|
||||
See :ref:`minio-external-identity-management-ad-ldap-access-control` for more information on access control with AD/LDAP users and groups.
|
||||
|
||||
4) Use the MinIO Tenant Console to Log In with AD/LDAP Credentials
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The MinIO Console supports the full workflow of authenticating to the AD/LDAP provider, generating temporary credentials using the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment.
|
||||
|
||||
See :ref:`Deploy MinIO Tenant: Connect to the Tenant <create-tenant-connect-tenant>` for additonal information about accessing the Tenant Console.
|
||||
|
||||
If the AD/LDAP configuration succeeded, the Console displays a button to login with AD/LDAP credentials.
|
||||
|
||||
Enter the user's AD/LDAP credentials and log in to access the Console.
|
||||
|
||||
Once logged in, you can perform any action for which the authenticated user is :ref:`authorized <minio-external-identity-management-ad-ldap-access-control>`.
|
||||
|
||||
You can also create :ref:`access keys <minio-idp-service-account>` for supporting applications which must perform operations on MinIO.
|
||||
Access Keys are long-lived credentials which inherit their privileges from the parent user.
|
||||
The parent user can further restrict those privileges while creating the access keys.
|
||||
|
||||
5) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials
|
||||
4) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Applications can use an AD/LDAP user credential to generate temporary S3-compatible credentials as-needed using the :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) API endpoint.
|
||||
|
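Review bot: The deleted "4) Use the MinIO Tenant Console to Log In with AD/LDAP Credentials" step takes with it the sentences on access keys ("Access Keys are long-lived credentials which inherit their privileges from the parent user." and the following one on restricting them), and those describe a credential type rather than the Console. With them gone, the visible part of this procedure only covers temporary credentials from the STS endpoint. If access keys remain available to AD/LDAP users, move those sentences and the :ref:`minio-idp-service-account` link under the renumbered step 4, reworded so they no longer depend on being logged in to the Console.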
@ -35,48 +35,14 @@ Set the value to any :ref:`policy <minio-policy>` on the MinIO deployment.
|
||||
4) Configure MinIO for Keycloak Authentication
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
MinIO supports multiple methods for configuring Keycloak authentication:
|
||||
|
||||
- Using the MinIO Tenant Console
|
||||
- Using a terminal/shell and the :mc:`mc idp openid` command
|
||||
|
||||
.. tab-set::
|
||||
|
||||
.. tab-item:: MinIO Tenant Console
|
||||
|
||||
You can use the MinIO Tenant Console to configure Keycloak as the External Identity Provider for the MinIO Tenant.
|
||||
|
||||
Access the Console service using the NodePort, Ingress, or Load Balancer endpoint.
|
||||
You can use the following command to review the Console configuration:
|
||||
|
||||
.. code-block:: shell
|
||||
:class: copyable
|
||||
|
||||
kubectl describe svc/TENANT_NAME-console -n TENANT_NAMESPACE
|
||||
|
||||
Replace ``TENANT_NAME`` and ``TENANT_NAMESPACE`` with the name of the MinIO Tenant and it's Namespace, respectively.
|
||||
|
||||
.. include:: /includes/common/common-configure-keycloak-identity-management.rst
|
||||
:start-after: start-configure-keycloak-minio-console
|
||||
:end-before: end-configure-keycloak-minio-console
|
||||
|
||||
Select :guilabel:`Save` to apply the configuration.
|
||||
|
||||
.. tab-item:: CLI
|
||||
|
||||
.. include:: /includes/common/common-configure-keycloak-identity-management.rst
|
||||
:start-after: start-configure-keycloak-minio-cli
|
||||
:end-before: end-configure-keycloak-minio-cli
|
||||
.. include:: /includes/common/common-configure-keycloak-identity-management.rst
|
||||
:start-after: start-configure-keycloak-minio-cli
|
||||
:end-before: end-configure-keycloak-minio-cli
|
||||
|
||||
Restart the MinIO deployment for the changes to apply.
|
||||
|
||||
Check the MinIO logs and verify that startup succeeded with no errors related to the OIDC configuration.
|
||||
|
||||
If you attempt to log in with the Console, you should now see an (SSO) button using the configured :guilabel:`Display Name`.
|
||||
|
||||
Specify a configured user and attempt to log in.
|
||||
MinIO should automatically redirect you to the Keycloak login entry.
|
||||
Upon successful authentication, Keycloak should redirect you back to the MinIO Console using either the originating Console URL *or* the :guilabel:`Redirect URI` if configured.
|
||||
|
||||
5) Generate Application Credentials using the Security Token Service (STS)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
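Review bot: With the lines from "If you attempt to log in with the Console, you should now see an (SSO) button" through the :guilabel:`Redirect URI` sentence removed, step 4 ends at "Check the MinIO logs and verify that startup succeeded with no errors related to the OIDC configuration". That confirms the configuration loaded, not that a Keycloak login round-trips. Add a check that does not use the Console, or a sentence naming step 5 as the end-to-end test. The step also now opens directly on the include with no lead-in; a single line naming :mc:`mc idp openid` would keep the context that the removed bullet list gave. It is also worth checking whether the start-configure-keycloak-minio-console block in /includes/common/common-configure-keycloak-identity-management.rst still has a consumer after this change.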
@ -97,24 +97,7 @@ MinIO attaches the ``datareadonly`` policy to any authenticated OIDC user with `
|
||||
|
||||
See :ref:`minio-external-identity-management-openid-access-control` for more information on access control with OIDC users and groups.
|
||||
|
||||
4) Use the MinIO Tenant Console to Log In with OIDC Credentials
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The MinIO Console supports the full workflow of authenticating to the OIDC provider, generating temporary credentials using the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment.
|
||||
|
||||
See :ref:`Deploy MinIO Tenant: Connect to the Tenant <create-tenant-connect-tenant>` for additonal information about accessing the Tenant Console.
|
||||
|
||||
If the OIDC configuration succeeded, the Console displays a button to login with OIDC credentials.
|
||||
|
||||
Enter the user's OIDC credentials and log in to access the Console.
|
||||
|
||||
Once logged in, you can perform any action for which the authenticated user is :ref:`authorized <minio-external-identity-management-openid-access-control>`.
|
||||
|
||||
You can also create :ref:`access keys <minio-idp-service-account>` for supporting applications which must perform operations on MinIO.
|
||||
Access Keys are long-lived credentials which inherit their privileges from the parent user.
|
||||
The parent user can further restrict those privileges while creating the access keys.
|
||||
|
||||
5) Generate S3-Compatible Temporary Credentials using OIDC Credentials
|
||||
4) Generate S3-Compatible Temporary Credentials using OIDC Credentials
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Applications can generate temporary access credentials as-needed using the :ref:`minio-sts-assumerolewithwebidentity` Security Token Service (STS) API endpoint and the JSON Web Token (JWT) returned by the :abbr:`OIDC (OpenID Connect)` provider.
|
||||
|
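Review bot: After this deletion nothing in the visible lines tells the reader how to confirm the OIDC configuration works, since "If the OIDC configuration succeeded, the Console displays a button to login with OIDC credentials." was the only success check. Add a sentence to the renumbered step 4 stating what a successful :ref:`minio-sts-assumerolewithwebidentity` call looks like, so the step doubles as verification. The access key sentences ("Access Keys are long-lived credentials ...") are dropped here as in the AD/LDAP file and the same relocation applies. The removed paragraph also pointed OIDC readers at :ref:`minio-sts-assumerolewithldapidentity`, so if any of that text is reinstated elsewhere, use the web-identity reference instead.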