# Summary

As per a recent customer issue, our guidance on `MINIO_DOMAIN` and path/virtual bucket lookups needs some attention. There are two main areas to address:

1. We need to guide users to avoid namespace collision within the `MINIO_DOMAIN`, as this causes bucket lookup issues with certain MinIO services/features
2. We need to generally improve docs on setting `MINIO_DOMAIN` correctly

There is also a side objective from Engineering to ensure we have a simple admonition to direct users to test wherever possible changes to config settings before applying to production.

---------

Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
OpenID Identity Management Settings
This page documents settings for enabling external identity
management using an OpenID Connect (OIDC)-compatible provider. See minio-external-identity-management-openid for a
tutorial on using these settings.
Examples
Environment Variables
MINIO_IDENTITY_OPENID_CONFIG_URL="https://openid-provider.example.net/.well-known/openid-configuration"
Configuration Settings
identity_openid
Use mc admin config set to set or update the OpenID
configuration. The identity_openid config_url argument is
required. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set identity_openid \
config_url="https://openid-provider.example.net/.well-known/openid-configuration" \
[ARGUMENT="VALUE"] ...
Settings
Config URL
Required
Environment Variable
MINIO_IDENTITY_OPENID_CONFIG_URL
Configuration Setting
identity_openid config_url
Enabled
Optional
Environment Variable
This setting does not have an environment variable option. Use the Configuration Setting instead.
Configuration Setting
identity_openid enabled
Set to false to disable the OpenID configuration.
Applications cannot generate STS credentials or otherwise
authenticate to MinIO using the configured provider if set to
false.
Defaults to true or "enabled".
Client ID
Optional
Environment Variable
MINIO_IDENTITY_OPENID_CLIENT_ID
Configuration Setting
identity_openid client_id
Client Secret
Optional
Environment Variable
MINIO_IDENTITY_OPENID_CLIENT_SECRET
Configuration Setting
identity_openid client_secret
Role Policy
Optional
This setting is mutually exclusive with the Claim Name
setting.
Environment Variable
MINIO_IDENTITY_OPENID_ROLE_POLICY
Configuration Setting
identity_openid role_policy
Claim Name
Optional
This setting is mutually exclusive with the Role Policy
setting.
Environment Variable
MINIO_IDENTITY_OPENID_CLAIM_NAME
Configuration Setting
identity_openid claim_name
Claim Prefix
Optional
Environment Variable
MINIO_IDENTITY_OPENID_CLAIM_PREFIX
Configuration Setting
identity_openid claim_prefix
Display Name
Optional
Environment Variable
MINIO_IDENTITY_OPENID_DISPLAY_NAME
Configuration Setting
identity_openid display_name
Scopes
Optional
Environment Variable
MINIO_IDENTITY_OPENID_SCOPES
Configuration Setting
identity_openid scopes
Redirect URI
Optional
Environment Variable
MINIO_IDENTITY_OPENID_REDIRECT_URI
Configuration Setting
identity_openid redirect_uri
Dynamic URI Redirect
Optional
Environment Variable
MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC
Configuration Setting
identity_openid redirect_uri_dynamic
User Info
Optional
Environment Variable
MINIO_IDENTITY_OPENID_CLAIM_USERINFO
Configuration Setting
identity_openid claim_userinfo
Vendor
Optional
Environment Variable
MINIO_IDENTITY_OPENID_VENDOR
Configuration Setting
identity_openid vendor
Keycloak Realm
Optional
This setting requires that the OpenID Vendor setting be
defined as keycloak.
Environment Variable
MINIO_IDENTITY_OPENID_KEYCLOAK_REALM
Configuration Setting
identity_openid keycloak_realm
Keycloak Admin URL
Optional
This setting requires that the OpenID Vendor setting be
defined as keycloak.
Environment Variable
MINIO_IDENTITY_OPENID_KEYCLOAK_ADMIN_URL
Configuration Setting
identity_openid keycloak_admin_url
Comment
Optional
Environment Variable
MINIO_IDENTITY_OPENID_COMMENT
Configuration Setting
identity_openid comment
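
The constraints stated on this page (Config URL is required, Role Policy and Claim Name are mutually exclusive, both Keycloak settings require Vendor to be keycloak) can be checked before a deployment picks the values up. The shell function below is an added example, not part of the MinIO documentation or tooling; the function name check_openid_env and the KNOWN list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not MinIO code): pre-flight check of MINIO_IDENTITY_OPENID_*
# environment variables against the constraints stated on this page.

# Suffixes of the environment variables documented on this page.
KNOWN="CONFIG_URL CLIENT_ID CLIENT_SECRET ROLE_POLICY CLAIM_NAME CLAIM_PREFIX
DISPLAY_NAME SCOPES REDIRECT_URI REDIRECT_URI_DYNAMIC CLAIM_USERINFO VENDOR
KEYCLOAK_REALM KEYCLOAK_ADMIN_URL COMMENT"

# check_openid_env: prints one line per violation to stderr and returns
# the number of violations (0 means the settings are consistent).
check_openid_env() {
    problems=0
    p=MINIO_IDENTITY_OPENID_

    # Config URL is the only setting the page marks as Required.
    if [ -z "${MINIO_IDENTITY_OPENID_CONFIG_URL:-}" ]; then
        echo "${p}CONFIG_URL is required" >&2
        problems=$((problems + 1))
    fi

    # Role Policy and Claim Name are mutually exclusive.
    if [ -n "${MINIO_IDENTITY_OPENID_ROLE_POLICY:-}" ] &&
       [ -n "${MINIO_IDENTITY_OPENID_CLAIM_NAME:-}" ]; then
        echo "${p}ROLE_POLICY and ${p}CLAIM_NAME are mutually exclusive" >&2
        problems=$((problems + 1))
    fi

    # Both Keycloak settings require Vendor to be defined as keycloak.
    for s in KEYCLOAK_REALM KEYCLOAK_ADMIN_URL; do
        eval "v=\${${p}${s}:-}"   # s comes from the fixed list above
        if [ -n "$v" ] && [ "${MINIO_IDENTITY_OPENID_VENDOR:-}" != keycloak ]; then
            echo "${p}${s} requires ${p}VENDOR=keycloak" >&2
            problems=$((problems + 1))
        fi
    done

    # Report exported names that are not listed on this page (likely typos).
    for n in $(env | sed -n "s/^${p}\([A-Za-z0-9_]*\)=.*/\1/p"); do
        case " $(echo $KNOWN) " in
            *" $n "*) ;;
            *) echo "${p}${n} is not a setting listed on this page" >&2
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}
```

Export the variables (for example by sourcing the environment file with `set -a`) before calling check_openid_env, since the typo check only sees exported names.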