package main

// This programs mocks user interaction against Dex IDP and generates STS
// credentials. It is for MinIO testing purposes only.
//
// Run like:
//
// $ MINIO_ENDPOINT=http://localhost:9000 go run gen-oidc-sts-cred.go

import (
	"context"
	"fmt"
	"log"
	"net/http"
	"os"

	cr "github.com/minio/minio-go/v7/pkg/credentials"
	cmd "github.com/minio/minio/cmd"
)

func main() {

fi

./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
sleep 5

# Generate STS credential with STS call to minio1
STS_CRED=$(MINIO_ENDPOINT=http://localhost:9001 go run ./docs/site-replication/gen-oidc-sts-cred.go)

MC_HOST_foo=http://${STS_CRED}@localhost:9001 ./mc ls foo
if [ $? -ne 0 ]; then
	echo "Expected sts credential to work, exiting.."
	exit_1
fi

sleep 2

        if: matrix.ldap == 'localhost:389'
        run: |
          make test-site-replication-ldap
      - name: Test OIDC for automatic site replication
        if: matrix.openid == 'http://127.0.0.1:5556/dex'
        run: |
          make test-site-replication-oidc
  iam-import-with-missing-entities:
    name: Test IAM import in new cluster with missing entities
    runs-on: ubuntu-latest
    steps:

# Casdoor Quickstart Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

Casdoor is a UI-first centralized authentication / Single-Sign-On (SSO) platform supporting OAuth 2.0, OIDC and SAML, integrated with Casbin RBAC and ABAC permission management. This document covers configuring Casdoor identity provider support with MinIO.

## Prerequisites

func main() {
	flag.Parse()
	if clientID == "" {
		flag.PrintDefaults()
		return
	}

	ddoc, err := parseDiscoveryDoc(configEndpoint)
	if err != nil {
		log.Println(fmt.Errorf("Failed to parse OIDC discovery document %s", err))
		fmt.Println(err)
		return
	}

	scopes := ddoc.ScopesSupported
	if clientScopes != "" {
		scopes = strings.Split(clientScopes, ",")
	}

	ctx := context.Background()

| [**WebIdentity**](https://github.com/minio/minio/blob/master/docs/sts/web-identity.md) | Let users request temporary credentials using any OpenID(OIDC) compatible web identity providers such as KeyCloak, Dex, Facebook, Google etc. |

  login credentials.

- Allows authentication and access for all
  - Built-in IDP users and their respective service accounts
  - LDAP/AD users and their respective service accounts
  - OpenID/OIDC service accounts

- On versioned buckets, FTP/SFTP only operates on latest objects, if you need to retrieve
  an older version you must use an `S3 API client` such as [`mc`](https://github.com/minio/mc).

/**
 * Constants for SPNEGO authentication mechanism OIDs used in GSS-API negotiations
 */
public interface SpnegoConstants {

    /**
     * OID for the SPNEGO mechanism
     */
    String SPNEGO_MECHANISM = "1.3.6.1.5.5.2";

    /**
     * OID for the Kerberos v5 mechanism
     */
    String KERBEROS_MECHANISM = "1.2.840.113554.1.2.2";

    /**
     * OID for the legacy Kerberos v5 mechanism
     */

        }
    }

    @Test
    @DisplayName("OID values have valid dotted numeric format")
    void oidFormat() {
        assertAll(() -> assertTrue(OID_PATTERN.matcher(SpnegoConstants.SPNEGO_MECHANISM).matches(), "Invalid OID: SPNEGO_MECHANISM"),
                () -> assertTrue(OID_PATTERN.matcher(SpnegoConstants.KERBEROS_MECHANISM).matches(), "Invalid OID: KERBEROS_MECHANISM"),

    /**
     * Gets the negotiated context flags.
     * @return context flags
     */
    int getFlags();

    /**
     * Gets the array of supported security mechanism OIDs.
     * @return array of supported mechanism OIDs
     */
    ASN1ObjectIdentifier[] getSupportedMechs();

    /**
     * Checks whether this mechanism supports message integrity.
     * @return whether this mechanisms supports integrity