- Updates references for licensing to use "Enterprise" branding
- Updates the mc idp ldap policy entities command with flags and changes to groups
- Deprecates OpenID envvar

Closes #1271
OpenID Identity Management Settings
This page documents settings for enabling external identity
management using an OpenID Connect (OIDC)-compatible provider. See minio-external-identity-management-openid for a
tutorial on using these settings.
Examples
Environment Variables
MINIO_IDENTITY_OPENID_CONFIG_URL="https://openid-provider.example.net/.well-known/openid-configuration"
Configuration Settings
identity_openid
Use mc admin config set to set or update the OpenID
configuration. The identity_openid config_url argument is
required. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set identity_openid \
config_url="https://openid-provider.example.net/.well-known/openid-configuration" \
[ARGUMENT="VALUE"] ...
Settings
Config URL
Required
Environment Variable
MINIO_IDENTITY_OPENID_CONFIG_URL
Configuration Setting
identity_openid config_url
Enabled
Optional
Environment Variable
This setting does not have an environment variable option. Use the Configuration Setting instead.
Configuration Setting
identity_openid enabled
Set to false to disable the OpenID configuration.
Applications cannot generate STS credentials or otherwise
authenticate to MinIO using the configured provider if set to
false.
Defaults to true or "enabled".
Client ID
Optional
Environment Variable
MINIO_IDENTITY_OPENID_CLIENT_ID
Configuration Setting
identity_openid client_id
Client Secret
Optional
Environment Variable
MINIO_IDENTITY_OPENID_CLIENT_SECRET
Configuration Setting
identity_openid client_secret
Role Policy
Optional
This setting is mutually exclusive with the Claim Name
setting.
Environment Variable
MINIO_IDENTITY_OPENID_ROLE_POLICY
Configuration Setting
identity_openid role_policy
Claim Name
Optional
This setting is mutually exclusive with the Role Policy
setting.
Environment Variable
MINIO_IDENTITY_OPENID_CLAIM_NAME
Configuration Setting
identity_openid claim_name
Claim Prefix
Optional
This setting is deprecated and has been removed as of RELEASE.2024-07-13T01-46-15Z. Use MINIO_IDENTITY_OPENID_CLAIM_NAME instead.
Environment Variable
MINIO_IDENTITY_OPENID_CLAIM_PREFIX
Configuration Setting
identity_openid claim_prefix
Display Name
Optional
Environment Variable
MINIO_IDENTITY_OPENID_DISPLAY_NAME
Configuration Setting
identity_openid display_name
Scopes
Optional
Environment Variable
MINIO_IDENTITY_OPENID_SCOPES
Configuration Setting
identity_openid scopes
Redirect URI
Optional
This setting is deprecated and has been removed as of RELEASE.2024-07-13T01-46-15Z. Use MINIO_BROWSER_REDIRECT_URL
instead.
Environment Variable
MINIO_IDENTITY_OPENID_REDIRECT_URI
Configuration Setting
identity_openid redirect_uri
Dynamic URI Redirect
Optional
Environment Variable
MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC
Configuration Setting
identity_openid redirect_uri_dynamic
User Info
Optional
Environment Variable
MINIO_IDENTITY_OPENID_CLAIM_USERINFO
Configuration Setting
identity_openid claim_userinfo
Vendor
Optional
Environment Variable
MINIO_IDENTITY_OPENID_VENDOR
Configuration Setting
identity_openid vendor
Keycloak Realm
Optional
This setting requires that the OpenID Vendor setting be
defined as keycloak.
Environment Variable
MINIO_IDENTITY_OPENID_KEYCLOAK_REALM
Configuration Setting
identity_openid keycloak_realm
Keycloak Admin URL
Optional
This setting requires that the OpenID Vendor setting be
defined as keycloak.
Environment Variable
MINIO_IDENTITY_OPENID_KEYCLOAK_ADMIN_URL
Configuration Setting
identity_openid keycloak_admin_url
Comment
Optional
Environment Variable
MINIO_IDENTITY_OPENID_COMMENT
Configuration Setting
identity_openid comment
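
The constraints stated above (required Config URL, Role Policy and Claim Name being mutually exclusive, the Keycloak settings needing the keycloak vendor, and the two removed variables) can be checked before a deployment. The script below is an added example, not part of the MinIO documentation or tooling: the function name lint_openid_env and all sample values are constructed, and it assumes every OpenID setting lives in a single KEY=VALUE environment file.

```shell
#!/bin/sh
# Added example: lint MINIO_IDENTITY_OPENID_* lines in an env file against
# the constraints this page states. Prints findings; returns 0 when clean.
lint_openid_env() {
    local file p n line key val url role claim vendor kc
    file="$1"; p=MINIO_IDENTITY_OPENID_; n=0
    url=""; role=""; claim=""; vendor=""; kc=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#export }                      # tolerate "export KEY=VALUE"
        case $line in "$p"*=*) ;; *) continue ;; esac
        key=${line%%=*}; key=${key#"$p"}
        val=${line#*=}; val=${val#\"}; val=${val%\"}  # strip one pair of quotes
        [ -n "$val" ] || continue                 # empty value counts as unset
        case $key in
            CONFIG_URL)  url=$val ;;
            ROLE_POLICY) role=$val ;;
            CLAIM_NAME)  claim=$val ;;
            VENDOR)      vendor=$val ;;
            KEYCLOAK_REALM|KEYCLOAK_ADMIN_URL) kc="$kc ${p}${key}" ;;
            CLAIM_PREFIX)
                echo "REMOVED: ${p}${key}, use ${p}CLAIM_NAME"; n=$((n+1)) ;;
            REDIRECT_URI)
                echo "REMOVED: ${p}${key}, use MINIO_BROWSER_REDIRECT_URL"; n=$((n+1)) ;;
        esac
    done < "$file"
    if [ -z "$url" ]; then
        echo "ERROR: ${p}CONFIG_URL is required"; n=$((n+1))
    fi
    if [ -n "$role" ] && [ -n "$claim" ]; then
        echo "ERROR: ${p}ROLE_POLICY and ${p}CLAIM_NAME are mutually exclusive"; n=$((n+1))
    fi
    if [ -n "$kc" ] && [ "$vendor" != "keycloak" ]; then
        echo "ERROR:$kc requires ${p}VENDOR=keycloak"; n=$((n+1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample input (not from the page): trips three of the checks.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MINIO_IDENTITY_OPENID_CONFIG_URL="https://openid-provider.example.net/.well-known/openid-configuration"
MINIO_IDENTITY_OPENID_ROLE_POLICY="readwrite"
MINIO_IDENTITY_OPENID_CLAIM_NAME="policy"
MINIO_IDENTITY_OPENID_KEYCLOAK_REALM="example"
MINIO_IDENTITY_OPENID_REDIRECT_URI="https://minio.example.net/oauth_callback"
EOF
lint_openid_env "$sample" || echo "findings above: fix before starting the server"
rm -f "$sample"
```

A setting supplied through mc admin config set instead of the environment is invisible to this check, so a Keycloak finding may be a false positive when the vendor is configured that way.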