"The user must change his password before he logs on the first time.", "NT_STATUS_NOT_FOUND",
            "The referenced account is currently locked out and may not be logged on to.",
            "The remote system is not reachable by the transport.", "NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED", };

                        if (logger.isDebugEnabled()) {
                            logger.debug("{} exists.", urlQueue.getUrl(), e);
                        }
                        return;
                    }
                    throw e;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Storing child urls: {}", resultData.getChildUrlSet());

                } catch (final IOException e) {
                    content = e.getMessage();
                }
                logger.warn("Failed to login on {}. The http status is {}.\n{}", originalLoginUrl, httpStatusCode, content);
            } else if (logger.isDebugEnabled()) {
                logger.debug("Logged in {}", originalLoginUrl);
            }
        });

    }

    /**

            "The user must change his password before he logs on the first time.", "The object was not found.",
            "The referenced account is currently locked out and may not be logged on to.", "Connection refused",
            "The remote system is not reachable by the transport.",
            "The layered file system driver for this I/O tag did not handle it when needed.",

// criticalErrorHandler handles panics and fatal errors by
// `panic(logger.ErrCritical)` as done by `logger.CriticalIf`.
//
// It should be always the first / highest HTTP handler.
func setCriticalErrorHandler(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if rec := recover(); rec == logger.ErrCritical { // handle
				stack := debug.Stack()

That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.

- Open MinIO Console and click `Login with SSO`
- The user will be redirected to the Identity Provider login page
- Upon successful login on Identity Provider page the user will be automatically logged into MinIO Console.

## Explore Further

- [MinIO Admin Complete Guide](https://docs.min.io/community/minio-object-store/reference/minio-mc-admin.html)

		return
	}

	ctx = newContext(r, w, action)

	// Validate the authentication result here so that failures will be audit-logged.
	if apiErrCode != ErrNone {
		stsErr := apiToSTSError(apiErrCode)
		// Borrow the description error from the API error code
		writeSTSErrorResponse(ctx, w, stsErr, errors.New(errorCodes[apiErrCode].Description))

		ng.Go(ctx, func() error {
			// Give 15 seconds to each remote call.
			// Errors are logged but not returned.
			ctx, cancel := context.WithTimeout(ctx, 15*time.Second)
			defer cancel()
			data, err := client.DownloadProfileData(ctx)
			if err != nil {
				reqInfo := (&logger.ReqInfo{}).AppendTags("peerAddress", client.host.String())
				ctx := logger.SetReqInfo(ctx, reqInfo)
				peersLogOnceIf(ctx, err, client.host.String())

			// When an object is locked in compliance mode, its retention mode can't
			// be changed, and its retention period can't be shortened. Compliance mode
			// ensures that an object version can't be overwritten or deleted for the
			// duration of the retention period.
			t, err := objectlock.UTCNowNTP()
			if err != nil {
				internalLogIf(ctx, err, logger.WarningKind)
				return ObjectLocked{}
			}