Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 9 of 9 for Keycloak (0.05 sec)

  2. github.com/minio/minio

    docs/sts/keycloak.md 

    # Keycloak Quickstart Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services, this document covers configuring Keycloak identity provider support with MinIO.

## Prerequisites

Configure and install keycloak server by following [Keycloak Installation Guide](https://www.keycloak.org/docs/latest/server_installation/#installing-the-software).
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Tue Aug 12 18:20:36 UTC 2025
    - 8.1K bytes
    - Viewed (0)
  3. github.com/minio/minio

    internal/config/identity/openid/jwt_test.go 

    	testConfig := providerCfg{
		DiscoveryDoc: DiscoveryDoc{
			TokenEndpoint: "http://keycloak.test/token/endpoint",
		},
	}
	testKvs := config.KVS{}
	testKvs.Set(Vendor, "keycloak")
	testKvs.Set(KeyCloakRealm, "TestRealm")
	testKvs.Set(KeyCloakAdminURL, "http://keycloak.test/auth/admin")
	cfgGet := func(param string) string {
		return testKvs.Get(param)
	}
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 8.2K bytes
    - Viewed (0)
  4. github.com/minio/minio

    docs/sts/README.md 

    > NOTE: If you are interested in AssumeRole API only, skip to [here](https://github.com/minio/minio/blob/master/docs/sts/assume-role.md)

### Prerequisites

- [Configuring keycloak](https://github.com/minio/minio/blob/master/docs/sts/keycloak.md) or [Configuring Casdoor](https://github.com/minio/minio/blob/master/docs/sts/casdoor.md)
- [Configuring etcd](https://github.com/minio/minio/blob/master/docs/sts/etcd.md)
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Tue Aug 12 18:20:36 UTC 2025
    - 7.8K bytes
    - Viewed (0)
  5. github.com/minio/minio

    docs/sts/etcd.md 

    For example, you can configure STS with Client Grants (KeyCloak) using the guides at [MinIO STS Quickstart Guide](https://docs.min.io/community/minio-object-store/developers/security-token-service.html) and [KeyCloak Configuration Guide](https://github.com/minio/minio/blob/master/docs/sts/keycloak.md). Once this is done, STS credentials can be generated:

```
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Tue Aug 12 18:20:36 UTC 2025
    - 3.5K bytes
    - Viewed (0)
  6. github.com/minio/minio

    docs/sts/client-grants.md 

    export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
minio server /mnt/export
```

Testing with an example
> Obtaining client ID and secrets follow [Keycloak configuring documentation](https://github.com/minio/minio/blob/master/docs/sts/keycloak.md)

```
$ go run client-grants.go -cid PoEgXP6uVO45IsENRngDXj5Au5Ya -csec eKsw6z8CtOJVBtrOWvhRWL4TUCga

##### Credentials
{
 "accessKey": "NUIBORZYTV2HG2BMRSXR",
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Tue Aug 12 18:20:36 UTC 2025
    - 7.2K bytes
    - Viewed (0)
  7. github.com/minio/minio

    helm/minio/README.md 

    For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`:

```
kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt
```

If TLS is not enabled, you would need only the third party CA:

```
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Tue Aug 12 18:20:36 UTC 2025
    - 10.9K bytes
    - Viewed (0)
  8. github.com/minio/minio

    internal/config/identity/openid/providercfg.go 

    		RolePolicy:         getCfgVal(RolePolicy),
		UserReadableClaim:  getCfgVal(UserReadableClaim),
		UserIDClaim:        getCfgVal(UserIDClaim),
	}
}

const (
	keyCloakVendor = "keycloak"
)

// initializeProvider initializes if any additional vendor specific information
// was provided, initialization will return an error initial login fails.
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Fri Aug 29 02:39:48 UTC 2025
    - 4.7K bytes
    - Viewed (0)
  9. github.com/minio/minio

    docs/sts/web-identity.md 

    MINIO_IDENTITY_OPENID_KEYCLOAK_REALM        (string)    Specify Keycloak 'realm' name, only honored if vendor was set to 'keycloak' as value, if no realm is specified 'master' is default
MINIO_IDENTITY_OPENID_KEYCLOAK_ADMIN_URL    (string)    Specify Keycloak 'admin' REST API endpoint e.g. http://localhost:8080/auth/admin/
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Tue Aug 12 18:20:36 UTC 2025
    - 18.9K bytes
    - Viewed (0)
  10. github.com/minio/minio

    docs/sts/casdoor.md 

    ```
mc admin service restart myminio
```

### Using WebIdentiy API

On another terminal run `web-identity.go` a sample client application which obtains JWT id_tokens from an identity provider, in our case its Keycloak. Uses the returned id_token response to get new temporary credentials from the MinIO server using the STS API call `AssumeRoleWithWebIdentity`.

```
    Registered: Sun Dec 28 19:28:13 UTC 2025
    - Last Modified: Tue Aug 12 18:20:36 UTC 2025
    - 6.6K bytes
    - Viewed (0)
Back to top