Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 246 for claim (0.07 sec)

  1. internal/config/identity/openid/jwt.go

    	// If claim user info is enabled, get claims from userInfo
    	// and overwrite them with the claims from JWT.
    	if ok && pCfg.ClaimUserinfo {
    		if accessToken == "" {
    			return errors.New("access_token is mandatory if user_info claim is enabled")
    		}
    		uclaims, err := pCfg.UserInfo(ctx, accessToken, r.transport)
    		if err != nil {
    			return err
    		}
    		for k, v := range uclaims {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Sep 06 02:46:36 UTC 2024
    - 8.4K bytes
    - Viewed (0)
  2. internal/config/identity/openid/openid.go

    			p.DiscoveryDoc.ScopesSupported = scopes
    		}
    
    		// Check if claim name is the non-default value and role policy is set.
    		if p.ClaimName != policy.PolicyName && p.RolePolicy != "" {
    			// In the unlikely event that the user specifies
    			// `policy.PolicyName` as the claim name explicitly and sets
    			// a role policy, this check is thwarted, but we will be using
    			// the role policy anyway.
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Jul 10 20:16:44 UTC 2024
    - 16.6K bytes
    - Viewed (0)
  3. docs/sts/README.md

    decode the id_token to access the payload of the token that includes following JWT claims, `policy` claim is mandatory and should be present as part of your JWT claim. Without this claim the generated credentials will not have access to any resources on the server, using these credentials application would receive 'Access Denied' errors.
    
    | Claim Name | Type                                              | Claim Value                                                                           ...
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Oct 25 00:44:15 UTC 2022
    - 7.8K bytes
    - Viewed (0)
  4. docs/sts/web-identity.md

    temporary credentials generated in the AssumeRoleWithWebIdentity call.
    
    2. `id_token` claims: When the role policy is not configured, MinIO looks for a specific claim in the `id_token` (JWT) returned by the OpenID provider in the STS request. The default claim is `policy` and can be overridden by the `claim_name` configuration parameter or the `MINIO_IDENTITY_OPENID_CLAIM_NAME` environment variable. The claim value can be a string (comma-separated list) or an array of IAM access policy names defined...
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Jul 10 20:16:44 UTC 2024
    - 18.9K bytes
    - Viewed (0)
  5. cmd/sts-handlers.go

    	// metadata map
    	claims[expClaim] = UTCNow().Add(time.Duration(expiry) * time.Second).Unix()
    	claims[subClaim] = parentUser
    	claims[roleArnClaim] = roleArn.String()
    	claims[parentClaim] = parentUser
    
    	// Add all other claims from the plugin **without** replacing any
    	// existing claims.
    	for k, v := range res.Success.Claims {
    		if _, ok := claims[k]; !ok {
    			claims[k] = v
    		}
    	}
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Aug 15 01:29:20 UTC 2024
    - 33.9K bytes
    - Viewed (0)
  6. docs/sts/keycloak.md

      - Save
    
    - Go to Clients
      - Click on `account`
      - Mappers
      - Create
        - `Name` with any text
        - `Mapper Type` is `User Attribute`
        - `User Attribute` is `policy`
        - `Token Claim Name` is `policy`
        - `Claim JSON Type` is `string`
      - Save
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Sep 29 04:28:45 UTC 2022
    - 8.1K bytes
    - Viewed (0)
  7. docs/sts/casdoor.md

    client_id     (string)    unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"
    claim_name    (string)    JWT canned policy claim name, defaults to "policy"
    claim_prefix  (string)    JWT claim namespace prefix e.g. "customer1/"
    scopes        (csv)       Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Sep 29 04:28:45 UTC 2022
    - 6.6K bytes
    - Viewed (0)
  8. common-protos/k8s.io/api/resource/v1alpha2/generated.proto

      optional ResourceClaimTemplateSpec spec = 2;
    }
    
    // ResourceClaimTemplateList is a collection of claim templates.
    message ResourceClaimTemplateList {
      // Standard list metadata
      // +optional
      optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
    
      // Items is the list of resource claim templates.
      repeated ResourceClaimTemplate items = 2;
    }
    
    Registered: Wed Nov 06 22:53:10 UTC 2024
    - Last Modified: Mon Mar 11 18:43:24 UTC 2024
    - 14.4K bytes
    - Viewed (0)
  9. docs/sts/wso2.md

      "token_type": "Bearer",
      "expires_in": 3600
    }
    ```
    
    ### 4. JWT Claims
    
    The id_token received is a signed JSON Web Token (JWT). Use a JWT decoder to decode the id_token to access the payload of the token that includes following JWT claims:
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Sep 29 04:28:45 UTC 2022
    - 8.7K bytes
    - Viewed (0)
  10. cmd/bucket-policy.go

    	// JWT specific values
    	//
    	// Add all string claims
    	for k, v := range claims {
    		vStr, ok := v.(string)
    		if ok {
    			// Trim any LDAP specific prefix
    			args[strings.ToLower(strings.TrimPrefix(k, "ldap"))] = []string{vStr}
    		}
    	}
    
    	// Add groups claim which could be a list. This will ensure that the claim
    	// `jwt:groups` works.
    	if grpsVal, ok := claims["groups"]; ok {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 8K bytes
    - Viewed (0)
Back to top