first landed on `console-1.minio.example.org`, they must be redirected back to the same place after logging in at the OpenID provider's web-page. To ensure this, set the `MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC=on` parameter - this lets MinIO set the redirect URL based on the "Host" header of the (initial login) request.

The **deprecated** parameter `MINIO_IDENTITY_OPENID_REDIRECT_URI` works similar to the `MINIO_BROWSER_REDIRECT_URL` but needs to include the `/oauth_callback` suffix. Please...

  }
}
```

### Using MinIO Console

- Open MinIO URL on the browser, lets say <http://localhost:9000/>
- Click on `Login with SSO`
- User will be redirected to the Casdoor user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,
  the user should see now the buckets and objects they have access to.

## Explore Further

### Using MinIO Console

- Open MinIO URL on the browser, lets say <http://localhost:9000/>
- Click on `Login with SSO`
- User will be redirected to the Keycloak user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,
  the user should see now the buckets and objects they have access to.

## Explore Further

### Using MinIO Console

- Open MinIO URL on the browser, lets say <http://localhost:9000/>
- Click on `Login with SSO`
- User will be redirected to the Keycloak user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,
  the user should see now the buckets and objects they have access to.

## Explore Further

      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}
```

### Visit <http://localhost:8080>

You will be redirected to dex login screen - click "Login with email", enter username password
> username: ******@****.***
> password: password

and then click "Grant access"

	globalIsTesting = false

	// This flag is set to 'true' by default
	globalBrowserEnabled = true

	// Custom browser redirect URL, not set by default
	// and it is automatically deduced.
	globalBrowserRedirectURL *xnet.URL

	// Disable redirect, default is enabled.
	globalBrowserRedirect bool

	// globalBrowserConfig Browser user configurable settings
	globalBrowserConfig browser.Config

	ClaimName     = "claim_name"
	ClaimUserinfo = "claim_userinfo"
	RolePolicy    = "role_policy"
	DisplayName   = "display_name"

	Scopes             = "scopes"
	RedirectURI        = "redirect_uri"
	RedirectURIDynamic = "redirect_uri_dynamic"
	Vendor             = "vendor"

	// Vendor specific ENV only enabled if the Vendor matches == "vendor"
	KeyCloakRealm    = "keycloak_realm"
	KeyCloakAdminURL = "keycloak_admin_url"

              value: {{ .Values.oidc.scopes }}
            - name: MINIO_IDENTITY_OPENID_COMMENT
              value: {{ .Values.oidc.comment }}
            - name: MINIO_IDENTITY_OPENID_REDIRECT_URI
              value: {{ .Values.oidc.redirectUri }}
            - name: MINIO_IDENTITY_OPENID_DISPLAY_NAME
              value: {{ .Values.oidc.displayName }}
            {{- end }}

			fmt.Sprintf("client_id=%s", testApp.ClientID),
			fmt.Sprintf("client_secret=%s", testApp.ClientSecret),
			"scopes=openid,groups",
			fmt.Sprintf("redirect_uri=%s", testApp.RedirectURL),
		}
		if rolePolicies[i] != "" {
			configCmds = append(configCmds, fmt.Sprintf("role_policy=%s", rolePolicies[i]))
		} else {
			configCmds = append(configCmds, "claim_name=groups")

MINIO_IDENTITY_OPENID_CLAIM_NAME value: {{ .Values.oidc.claimName }} - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX value: {{ .Values.oidc.claimPrefix }} - name: MINIO_IDENTITY_OPENID_SCOPES value: {{ .Values.oidc.scopes }} - name: MINIO_IDENTITY_OPENID_REDIRECT_URI value: {{ .Values.oidc.redirectUri }} - name: MINIO_IDENTITY_OPENID_COMMENT value: {{ .Values.oidc.comment }} {{- end}} {{- if .Values.etcd.endpoints }} - name: MINIO_ETCD_ENDPOINTS value: {{ join "," .Values.etcd.endpoints | quote }} {{- if...