- Eliminates the need to provide access to buckets and objects without having to define static credentials.
- Temporary credentials have a limited lifetime, there is no need to rotate them or explicitly revoke them. Expired temporary credentials cannot be reused.

## Identity Federation

		adminRouter.Methods(http.MethodGet).Path(adminVersion + "/healthinfo").
			HandlerFunc(adminMiddleware(adminAPI.HealthInfoHandler))

		// STS Revocation
		adminRouter.Methods(http.MethodPost).Path(adminVersion + "/revoke-tokens/{userProvider}").HandlerFunc(adminMiddleware(adminAPI.RevokeTokens))
	}

	// If none of the routes match add default error handler routes
	adminRouter.NotFoundHandler = httpTraceAll(errorResponseHandler)

	ldapUserN      = "ldapUsername"   // this is a key name for the short/login username
	// Claim key-prefix for LDAP attributes
	ldapAttribPrefix = "ldapAttrib_"

	// Role Claim key
	roleArnClaim = "roleArn"

	// STS revoke type claim key
	tokenRevokeTypeClaim = "tokenRevokeType"

	// maximum supported STS session policy size
	maxSTSSessionPolicySize = 2048
)

type stsClaims map[string]any

	if err != nil {
		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}

	writeSuccessResponseJSON(w, encryptedData)
}

// RevokeTokens - POST /minio/admin/v3/revoke-tokens/{userProvider}
func (a adminAPIHandlers) RevokeTokens(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// Get current object layer instance.
	objectAPI := newObjectLayerFn()

		c.Fatal("AddUser() for root credential must fail via root STS creds")
	}
}

// TestSTSTokenRevoke - tests the token revoke API
func (s *TestSuiteIAM) TestSTSTokenRevoke(c *check) {
	ctx, cancel := context.WithTimeout(context.Background(), 100*testDefaultTimeout)
	defer cancel()

	bucket := getRandomBucketName()

        final java.lang.reflect.Method method = CrawlerThread.class.getDeclaredMethod("isValid", UrlQueue.class);
        method.setAccessible(true);
        final boolean result = (boolean) method.invoke(crawlerThread, urlQueue);

        assertTrue(result);
    }

    /**
     * Test isValid method with a null URL queue.
     */
    public void test_isValid_nullUrlQueue() throws Exception {

  /**
   * This classloader disallows {@link java.lang.invoke.VarHandle}, which will prevent us from
   * selecting the {@code VarHandleAtomicHelper} strategy.
   */
  private static final ClassLoader NO_VAR_HANDLE =
      getClassLoader(ImmutableSet.of("java.lang.invoke.VarHandle"));

  /**
   * This classloader disallows {@link java.lang.invoke.VarHandle} and {@link sun.misc.Unsafe},

          AlpnProvider(names),
        )
      putMethod.invoke(null, sslSocket, alpnProvider)
    } catch (e: InvocationTargetException) {
      throw AssertionError("failed to set ALPN", e)
    } catch (e: IllegalAccessException) {
      throw AssertionError("failed to set ALPN", e)
    }
  }

  override fun afterHandshake(sslSocket: SSLSocket) {
    try {
      removeMethod.invoke(null, sslSocket)
    } catch (e: IllegalAccessException) {

            java.lang.reflect.Method method =
                    MultiChannelManager.class.getDeclaredMethod("createChannelTransport", InetAddress.class, InetAddress.class);
            method.setAccessible(true);
            method.invoke(multiChannelManager, null, null);
        });

        // Check that the root cause is CIFSException
        assertTrue(exception instanceof java.lang.reflect.InvocationTargetException);

      Class<?> test = classLoader.loadClass(FuturesTest.class.getName());
      Object testInstance = test.getDeclaredConstructor().newInstance();
      test.getMethod("setUp").invoke(testInstance);
      test.getMethod(getName()).invoke(testInstance);
      test.getMethod("tearDown").invoke(testInstance);
    } finally {
      Thread.currentThread().setContextClassLoader(oldClassLoader);
    }
  }