Results 1 - 10 of 141 for Accounts (0.06 sec)
docs/site-replication/README.md
Previously, site replication required the root credentials of peer sites to be identical. This is no longer necessary because STS tokens are now signed with the site replicator service account credentials, thus allowing flexibility in the independent management of root accounts across sites and the ability to disable root accounts eventually.
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Tue Aug 12 18:20:36 UTC 2025 - 3.4K bytes - Viewed (0) -
docs/sts/keycloak.md
- `account` client_id is a confidential client that belongs to the realm `{realm}`
- `account` client_id has the **Service Accounts Enabled** option enabled.
- `account` client_id has a custom "Audience" mapper, in the Mappers section.
  - Included Client Audience: security-admin-console

#### Adding 'admin' Role
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Tue Aug 12 18:20:36 UTC 2025 - 8.1K bytes - Viewed (0) -
docs/sts/ldap.md
### Lookup-Bind

A low-privilege read-only LDAP service account is configured in the MinIO server by providing the account's Distinguished Name (DN) and password. This service account is used to perform directory lookups as needed.

```
MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN*  (string)  DN for LDAP read-only service account used to perform DN and group lookups
```
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Tue Aug 12 18:20:36 UTC 2025 - 18.9K bytes - Viewed (0) -
cmd/iam-store.go
```
// For STS policy map, we need to merge the new cache with the existing
// cache because the periodic IAM reload is partial. The periodic load
// here is to account for STS policy mapping changes that should apply
// for service accounts derived from such STS accounts (i.e. LDAP STS
// accounts).
newCache.iamSTSPolicyMap.Range(func(k string, v MappedPolicy) bool {
	cache.iamSTSPolicyMap.Store(k, v)
	return true
})
```
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Fri Aug 29 02:39:48 UTC 2025 - 86.7K bytes - Viewed (0) -
docs/sts/web-identity.md
```
MINIO_IDENTITY_OPENID_DISPLAY_NAME  (string)  Friendly display name for this Provider/App
MINIO_IDENTITY_OPENID_CONFIG_URL*   (url)     openid discovery document e.g. "https://accounts.google.com/.well-known/openid-configuration"
MINIO_IDENTITY_OPENID_CLIENT_ID*    (string)  unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"
```
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Tue Aug 12 18:20:36 UTC 2025 - 18.9K bytes - Viewed (0) -
docs/sts/casdoor.md
```
mc admin config set myminio/ identity_openid

KEY:
identity_openid  enable OpenID SSO support

ARGS:
config_url*  (url)     openid discovery document e.g. "https://accounts.google.com/.well-known/openid-configuration"
client_id    (string)  unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"
claim_name   (string)  JWT canned policy claim name, defaults to "policy"
```
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Tue Aug 12 18:20:36 UTC 2025 - 6.6K bytes - Viewed (0) -
cmd/admin-handlers-users.go
```
	return
}

// Permission checks:
//
// 1. Any type of account (i.e. access keys (previously/still called service
// accounts), STS accounts, internal IDP accounts, etc) with the
// policy.UpdateServiceAccountAdminAction permission can update any service
// account.
//
// 2. We would like to let a user update their own access keys, however it
```
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Fri Aug 29 02:39:48 UTC 2025 - 90.6K bytes - Viewed (0) -
cmd/admin-handlers-idp-ldap.go
```
// account or STS account):
requestorUser := cred.AccessKey
requestorParentUser := cred.AccessKey
requestorGroups := cred.Groups
requestorIsDerivedCredential := false
if cred.IsServiceAccount() || cred.IsTemp() {
	requestorParentUser = cred.ParentUser
	requestorIsDerivedCredential = true
}

// Check if we are creating svc account for request sender.
```
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Fri Aug 08 02:46:04 UTC 2025 - 19.2K bytes - Viewed (0) -
cmd/admin-handlers-users_test.go
```
c.assertSvcAccS3Access(ctx, s, cr, bucket)

// 3. Check that svc account can restrict the policy, and that the
// session policy can be updated.
c.assertSvcAccSessionPolicyUpdate(ctx, s, s.adm, accessKey, bucket)

// 4. Check that service account's secret key and account status can be
// updated.
c.assertSvcAccSecretKeyAndStatusUpdate(ctx, s, s.adm, accessKey, bucket)
```
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Fri Aug 29 02:39:48 UTC 2025 - 47.4K bytes - Viewed (0) -
cmd/jwt.go
```
if s3Err != ErrNone {
	return nil, nil, false, errAuthentication
}

maps.Copy(claims.MapClaims, eclaims)

// if root access is disabled, disable all its service accounts and temporary credentials.
if ucred.ParentUser == globalActiveCred.AccessKey && !globalAPIConfig.permitRootAccess() {
	return nil, nil, false, errAccessKeyDisabled
}

// Now check if we have a sessionPolicy.
```
Registered: Sun Sep 07 19:28:11 UTC 2025 - Last Modified: Fri Aug 29 02:39:48 UTC 2025 - 4.5K bytes - Viewed (0)