},
		{
			reqURL:    "http://127.0.0.1:8443/?DurationSeconds=9s",
			expectErr: true,
		},
		{
			reqURL:    "http://127.0.0.1:8443/?DurationSeconds=31536001",
			expectErr: true,
		},
		{
			reqURL:    "http://127.0.0.1:8443/?DurationSeconds=800",
			expectErr: true,
		},
		{
			reqURL:   "http://127.0.0.1:8443/?DurationSeconds=901",
			duration: time.Duration(901) * time.Second,
		},
	}

## API Request Parameters

### Version

| :--        | :--      |
| *Type*     | *String* |
| *Required* | *Yes*    |

### DurationSeconds

The duration, in seconds. The value can range from 900 seconds (15 minutes) up to 365 days. If value is higher than this setting, then operation fails. By default, the value is set to 3600 seconds. If no *DurationSeconds* is specified expiry seconds is obtained from *Token*.

	return &PolicySys{}
}

func getSTSConditionValues(r *http.Request, lc string, cred auth.Credentials) map[string][]string {
	m := make(map[string][]string)
	if d := r.Form.Get("DurationSeconds"); d != "" {
		m["DurationSeconds"] = []string{d}
	}
	return m
}

func getConditionValues(r *http.Request, lc string, cred auth.Credentials) map[string][]string {
	currTime := UTCNow()

	var (
		username = cred.AccessKey

```curl
curl -X POST --key private.key --cert public.crt "https://minio:9000?Action=AssumeRoleWithCertificate&Version=2011-06-15&DurationSeconds=3600"
```

```xml
<?xml version="1.0" encoding="UTF-8"?>
<AssumeRoleWithCertificateResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
   <AssumeRoleWithCertificateResult>
      <Credentials>

| :--        | :--      |
| *Type*     | *String* |
| *Required* | *Yes*    |

### DurationSeconds

The duration, in seconds. The value can range from 900 seconds (15 minutes) up to 365 days. If value is higher than this setting, then operation fails. By default, the value is set to 3600 seconds. If no *DurationSeconds* is specified expiry seconds is obtained from *WebIdentityToken*.

| Params     | Value    |
| :--        | :--      |
| _Type_     | _String_ |
| _Required_ | _Yes_    |

### DurationSeconds

The duration, in seconds. The value can range from 900 seconds (15 minutes) up to 365 days. If value is higher than this setting, then operation fails. By default, the value is set to 3600 seconds.

	stsRoleArn                = "RoleArn"
	stsWebIdentityToken       = "WebIdentityToken"
	stsWebIdentityAccessToken = "WebIdentityAccessToken" // only valid if UserInfo is enabled.
	stsDurationSeconds        = "DurationSeconds"
	stsLDAPUsername           = "LDAPUsername"
	stsLDAPPassword           = "LDAPPassword"
	stsRevokeTokenType        = "TokenRevokeType"

	// STS API action constants
	clientGrants        = "AssumeRoleWithClientGrants"

	if exp == nil || exp.IsZero() || exp.Equal(timeSentinel) {
		return nil
	}
	dur := time.Until(*exp)
	if dur <= 0 {
		return errors.New("unsupported expiration time")
	}
	condValues["DurationSeconds"] = []string{strconv.FormatInt(int64(dur.Seconds()), 10)}
	return nil
}