## Introduction

MinIO provides a custom STS API that allows integration with LDAP based corporate environments including Microsoft Active Directory. The MinIO server uses a separate LDAP service account to lookup user information. The login flow for a user is as follows:

- User provides their AD/LDAP username and password to the STS API.
- MinIO looks up the user's information (specifically the user's Distinguished Name) in the LDAP server.

- Adding a set of debugging endpoints under prefix "/debug/flowcontrol/*" for dumping internal states of flow-control system with different granularity. ([#90967](https://github.com/kubernetes/kubernetes/pull/90967), [@yue9944882](https://github.com/yue9944882)) [SIG API Machinery]

 *  Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this
    happened enough then eventually the connection would stall.

 *  Fix: Acknowledge and apply inbound HTTP/2 settings atomically. Previously we had a race where we
    could use new flow control capacity before acknowledging it, causing strict HTTP/2 servers to
    fail the call.

    /**
     * No trust - information was generated with defaults.
     */
    public static final ArtifactStatus GENERATED = new ArtifactStatus("generated", 1);

    /**
     * Low trust - was converted from the Maven 1.x repository.
     */
    public static final ArtifactStatus CONVERTED = new ArtifactStatus("converted", 2);

    /**
     * Moderate trust - it was deployed directly from a partner.

 *
 * <p>This class is usually preferable to {@link AtomicLong} when multiple threads update a common
 * sum that is used for purposes such as collecting statistics, not for fine-grained synchronization
 * control. Under low update contention, the two classes have similar characteristics. But under
 * high contention, expected throughput of this class is significantly higher, at the expense of
 * higher space consumption.
 *

    // Two differing invalid pairs.
    assertEquals("\uDCABdef", Strings.commonSuffix("abc\uDCAB\uDCABdef", "abc\uDCAC\uDCABdef"));
    // One orphan low surrogate.
    assertEquals("", Strings.commonSuffix("x\uD8AB\uDCAB", "\uDCAB"));
    // Two orphan low surrogates.
    assertEquals("\uDCAB", Strings.commonSuffix("\uDCAB", "\uDCAB"));
  }

  public void testValidSurrogatePairAt() {

#### Conclusion

Overall, the high level config ingestion flow:

```mermaid
graph TD
    sd(Service Discovery)
    cs(ConfigStore)
    ep(Endpoints)
    pc(PushContext)
    sd-->pc
    cs-->pc
    sd-->ep
```

### Config Translation

  {
    "name": "files",
    "path": "platforms/core-runtime/files",
    "unitTests": true,
    "functionalTests": false,
    "crossVersionTests": false
  },
  {
    "name": "flow-services",
    "path": "platforms/core-configuration/flow-services",
    "unitTests": false,
    "functionalTests": true,
    "crossVersionTests": false
  },
  {
    "name": "functional",
    "path": "platforms/core-runtime/functional",

      </Credentials>
   </AssumeRoleWithCertificateResult>
   <ResponseMetadata>
      <RequestId>169339CD8B3A6948</RequestId>
   </ResponseMetadata>
</AssumeRoleWithCertificateResponse>
```

## Authentication Flow

A client can request temp. S3 credentials via the STS API. It can authenticate via a client certificate and obtain a access/secret key pair as well as a session token. These credentials are associated to an S3 policy at the MinIO server.

        * `implicit`
        * `clientCredentials`
        * `authorizationCode`
    * Es gibt jedoch einen bestimmten „Flow“, der perfekt für die direkte Abwicklung der Authentifizierung in derselben Anwendung verwendet werden kann:
        * `password`: Einige der nächsten Kapitel werden Beispiele dafür behandeln.