```
~ mc admin config set myminio identity_openid config_url="http://CASDOOR_ENDPOINT/.well-known/openid-configuration" client_id=<client id> client_secret=<client secret> claim_name="tag"
```

> NOTE: As MinIO needs to use a claim attribute in JWT for its policy, you should configure it in casdoor as well. Currently, casdoor uses `tag` as a workaround for configuring MinIO's policy.

Once successfully set restart the MinIO instance.

```

package cmd

import (
	"context"

	"github.com/minio/minio/internal/bucket/lifecycle"
)

// objSweeper determines if a transitioned object needs to be removed from the remote tier.
// A typical usage would be like,
// os := newObjSweeper(bucket, object)
// // Perform a ObjectLayer.GetObjectInfo to fetch object version information
// goiOpts := os.GetOpts()

	// ErrIncompatibleEncryptionMethod indicates that both SSE-C headers and SSE-S3 headers were specified, and are incompatible
	// The client needs to remove the SSE-S3 header or the SSE-C headers
	ErrIncompatibleEncryptionMethod = Errorf("Server side encryption specified with both SSE-C and SSE-S3 headers")

  private Closeables() {}

  /**
   * Closes a {@link Closeable}, with control over whether an {@code IOException} may be thrown.
   * This is primarily useful in a finally block, where a thrown exception needs to be logged but
   * not propagated (otherwise the original exception will be lost).
   *
   * <p>If {@code swallowIOException} is true then we never throw {@code IOException} but merely log
   * it.
   *
   * <p>Example:

    @SuppressWarnings("unchecked")
    Class<E> result = classOrNull == null ? (Class<E>) (Class<?>) Object.class : classOrNull;
    return result;
  }

  /*
   * If I understand correctly:
   *
   * This needs to be a @JsMethod so that J2CL knows to look for a JavaScript implemention of
   * it in Platform.native.js. (The JavaScript implementation inline below is visible to *GWT*, but
   * *J2CL* doesn't look at it.)
   *

        // wait for all thread to end
        try {
            endLatch.await();
        } catch (InterruptedException e) {
            e.printStackTrace();
        }

        // despite all are back, we need to make sure all the events are processed (are async)
        // this one should block until all processed
        listener.transferSucceeded(new TransferEvent.Builder(session, resource)

include Minio's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for Minio's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic...

include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic...

include MinIO's own certificate with key `public.crt`, if it also needs to be trusted. For instance, given that TLS is enabled and you need to add trust for MinIO's own CA and for the CA of a Keycloak server, a Kubernetes secret can be created from the certificate files using `kubectl`: ``` kubectl -n minio create secret generic minio-trusted-certs --from-file=public.crt --from-file=keycloak.crt ``` If TLS is not enabled, you would need only the third party CA: ``` kubectl -n minio create secret generic...

      allocationLimit = settings.getMaxConcurrentStreams()

      if (allocationLimit < oldLimit) {
        // We might need new connections to keep policies satisfied
        connectionPool.scheduleOpener(route.address)
      } else if (allocationLimit > oldLimit) {
        // We might no longer need some connections
        connectionPool.scheduleCloser()
      }
    }
  }