minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-08-06 14:42:56 +03:00
Code Activity
Files
relax-event-restriction
docs/source/reference/minio-server/settings/iam/minio-identity-plugin.rst
Ravind Kumar 4edb3f7bae Improve documentation on MINIO_DOMAIN (#1131) 
# Summary

As per a recent customer issue, our guidance on `MINIO_DOMAIN` and
path/virtual bucket lookups needs some attention.

There are two main areas to address:

1. We need to guide users to avoid namespace collision within the
`MINIO_DOMAIN` , as this causes bucket lookup issues with certain MinIO
services/features
2. We need to generally improve docs on setting `MINIO_DOMAIN` correctly

There is also a side objective from Engineering to ensure we have a
simple admonition to direct users to test wherever possible changes to
config settings before applying to production.

---------

Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
2024-02-14 17:16:58 -05:00

4.5 KiB
Raw Permalink Blame History

MinIO Identity Management Plugin Settings

minio

Table of Contents

This page documents settings for enabling external identity management using the MinIO Identity Management Plugin. See minio-external-identity-management-plugin for a tutorial on using these settings.

Examples

When setting up the MinIO Identity Management Plugin, you must define at a minimum all of the required settings. The examples here represent the minimum required settings.

Environment Variables

MINIO_IDENTITY_PLUGIN_URL="https://authservice.example.net:8080/auth"
MINIO_IDENTITY_PLUGIN_ROLE_POLICY="ConsoleUser"

Configuration Settings

identity_plugin

Use mc admin config set to create or update the identity plugin configuration. The identity_plugin url argument is required. Specify additional optional arguments as a whitespace (" ")-delimited list.

mc admin config set identity_plugin                  \
   url="https://external-auth.example.net:8080/auth" \
   role_policy="consoleAdmin"                        \
   [ARGUMENT=VALUE] ...

Settings

URL

Required

Environment Variable

MINIO_IDENTITY_PLUGIN_URL

Configuration Setting

identity_plugin url

Role Policy

Required

Environment Variable

MINIO_IDENTITY_PLUGIN_ROLE_POLICY

Configuration Setting

identity_plugin role_policy

Enable

Optional

Environment Variable

This setting does not have an environment variable option.

Configuration Setting

identity_plugin enabled

Set to false to disable the identity provider configuration.

Applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider if set to false.

Defaults to true or "enabled".

Token

Optional

Environment Variable

MINIO_IDENTITY_PLUGIN_TOKEN

Configuration Setting

identity_plugin token

Role ID

Optional

Environment Variable

MINIO_IDENTITY_PLUGIN_ROLE_ID

Configuration Setting

identity_plugin role_id

Comment

Optional

Environment Variable

MINIO_IDENTITY_PLUGIN_COMMENT

Configuration Setting

identity_plugin comment