- Open MinIO URL on the browser, lets say <http://localhost:9000/>
- Click on `Login with SSO`
- User will be redirected to the Keycloak user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,
  the user should see now the buckets and objects they have access to.

## Explore Further

        assertEquals(0, LogStream.level);

        // 1 - critical [default]
        LogStream.setLevel(1);
        assertEquals(1, LogStream.level);

        // 2 - basic info can be logged under load
        LogStream.setLevel(2);
        assertEquals(2, LogStream.level);

        // 3 - almost everything
        LogStream.setLevel(3);
        assertEquals(3, LogStream.level);

                } catch (final IOException e) {
                    content = e.getMessage();
                }
                logger.warn("Failed to login on {}. The http status is {}.\n{}", originalLoginUrl, httpStatusCode, content);
            } else if (logger.isDebugEnabled()) {
                logger.debug("Logged in {}", originalLoginUrl);
            }
        });

    }

    /**

            "The user must change his password before he logs on the first time.", "The object was not found.",
            "The referenced account is currently locked out and may not be logged on to.", "Connection refused",
            "The remote system is not reachable by the transport.",
            "The layered file system driver for this I/O tag did not handle it when needed.",

// criticalErrorHandler handles panics and fatal errors by
// `panic(logger.ErrCritical)` as done by `logger.CriticalIf`.
//
// It should be always the first / highest HTTP handler.
func setCriticalErrorHandler(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if rec := recover(); rec == logger.ErrCritical { // handle
				stack := debug.Stack()

That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.

- Open MinIO Console and click `Login with SSO`
- The user will be redirected to the Identity Provider login page
- Upon successful login on Identity Provider page the user will be automatically logged into MinIO Console.

## Explore Further

- [MinIO Admin Complete Guide](https://docs.min.io/community/minio-object-store/reference/minio-mc-admin.html)

		return
	}

	ctx = newContext(r, w, action)

	// Validate the authentication result here so that failures will be audit-logged.
	if apiErrCode != ErrNone {
		stsErr := apiToSTSError(apiErrCode)
		// Borrow the description error from the API error code
		writeSTSErrorResponse(ctx, w, stsErr, errors.New(errorCodes[apiErrCode].Description))

		ng.Go(ctx, func() error {
			// Give 15 seconds to each remote call.
			// Errors are logged but not returned.
			ctx, cancel := context.WithTimeout(ctx, 15*time.Second)
			defer cancel()
			data, err := client.DownloadProfileData(ctx)
			if err != nil {
				reqInfo := (&logger.ReqInfo{}).AppendTags("peerAddress", client.host.String())
				ctx := logger.SetReqInfo(ctx, reqInfo)
				peersLogOnceIf(ctx, err, client.host.String())

			if !healthy && !opts.NoLogging {
				storageLogIf(logger.SetReqInfo(ctx, reqInfo),
					fmt.Errorf("Write quorum could not be established on pool: %d, set: %d, expected write quorum: %d, drives-online: %d",
						poolIdx, setIdx, poolWriteQuorums[poolIdx], erasureSetUpCount[poolIdx][setIdx].online), logger.FatalKind)
			}
			result.Healthy = result.Healthy && healthy