Keycloak is an open source Identity and Access Management solution aimed at modern applications and services, this document covers configuring Keycloak identity provider support with MinIO.

## Prerequisites

Configure and install keycloak server by following [Keycloak Installation Guide](https://www.keycloak.org/docs/latest/server_installation/#installing-the-software).

install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio ``` ### Installing certificates from third party CAs MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true`...

install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio ``` ### Installing certificates from third party CAs MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true`...

     * @return the home drive
     */
    public String getHomeDrive() {
        return this.homeDrive;
    }

    /**
     * Returns the name of the server that authenticated the user.
     * @return the server name
     */
    public String getServerName() {
        return this.serverName;
    }

    /**
     * Returns the user's domain name.
     * @return the domain name

 * This can be a problem if using DFS in it's default configuration as they still return referrals in short form.
 * See <a href="https://support.microsoft.com/en-us/kb/244380">KB-244380</a> for compatible server configuration.
 * See {@link jcifs.Configuration#isDfsConvertToFQDN()} for a workaround.
 */
public class Kerb5Authenticator extends NtlmPasswordAuthenticator {

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;

import jcifs.smb1.util.Hexdump;

/**
 * There are hundreds of error codes that may be returned by a CIFS
 * server. Rather than represent each with it's own <code>Exception</code>
 * class, this class represents all of them. For many of the popular
 * error codes, constants and text messages like "The device is not ready"
 * are provided.

import okhttp3.internal.http2.ConnectionShutdownException
import okhttp3.internal.skipAll
import okio.buffer

/** This is the last interceptor in the chain. It makes a network call to the server. */
object CallServerInterceptor : Interceptor {
  @Throws(IOException::class)
  override fun intercept(chain: Interceptor.Chain): Response {
    val realChain = chain as RealInterceptorChain

install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio ``` ### Installing certificates from third party CAs MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true`...

    val isMasked = b1 and B1_FLAG_MASK != 0
    if (isMasked == isClient) {
      // Masked payloads must be read on the server. Unmasked payloads must be read on the client.
      throw ProtocolException(
        if (isClient) {
          "Server-sent frames must not be masked."
        } else {
          "Client-sent frames must be masked."
        },
      )
    }

install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio ``` ### Installing certificates from third party CAs MinIO can connect to other servers, including MinIO nodes or other server types such as NATs and Redis. If these servers use certificates that were not registered with a known CA, add trust for these certificates to MinIO Server by bundling these certificates into a Kubernetes secret and providing it to Helm via the `trustedCertsSecret` value. If `.Values.tls.enabled` is `true`...