`MINIO_IDENTITY_PLUGIN_ROLE_POLICY` is a required parameter and can be list of comma separated policy names.

On setting up the plugin, the MinIO server prints the Role ARN to its log. The Role ARN is generated by default based on the given plugin URL. To avoid this and use a configurable value set a unique role ID via `MINIO_IDENTITY_PLUGIN_ROLE_ID`.

## REST API call to plugin

            return container.lookup(role, roleHint);
        } finally {
            Thread.currentThread().setContextClassLoader(oldClassLoader);
        }
    }

    public Map<String, Object> getPluginComponents(Plugin plugin, String role)
            throws ComponentLookupException, PluginManagerException {

comma-separated list of IAM access policy names already defined in the server. In this situation, the server prints a role ARN at startup that must be specified as a `RoleArn` API request parameter in the STS AssumeRoleWithWebIdentity API call. When using Role Policies, multiple OpenID providers and/or client applications (with unique client IDs) may be configured with independent role policies. Each configuration is assigned a unique RoleARN by the MinIO server and this is used to select the policies...

    <jsp:include page="/WEB-INF/view/common/admin/sidebar.jsp">
        <jsp:param name="menuCategoryType" value="user"/>
        <jsp:param name="menuType" value="role"/>
    </jsp:include>
    <div class="content-wrapper">
        <div class="content-header">
            <div class="container-fluid">
                <div class="row mb-2">
                    <div class="col-sm-6">

| [**AssumeRole**](https://github.com/minio/minio/blob/master/docs/sts/assume-role.md)   | Let MinIO users request temporary credentials using user access and secret keys.                                                              |

### Understanding JWT Claims

	// in Using IAM.
	//
	// Arn is a required field
	Arn string

	// A unique identifier that contains the role ID and the role session name of
	// the role that is being assumed. The role ID is generated by AWS when the
	// role is created.
	//
	// AssumedRoleId is a required field
	AssumedRoleID string `xml:"AssumeRoleId"`
	// contains filtered or unexported fields
}

<%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8"%>
<footer role="contentinfo">
	<div class="container text-center">
		<p class="textmuted">
			<la:message key="labels.footer.copyright" />
		</p>
	</div>

<%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8"%>
<footer role="contentinfo">
	<div class="container text-center">
		<p class="textmuted">
			<la:message key="labels.footer.copyright" />
		</p>
	</div>

			clause.Where{Exprs: []clause.Expression{
				clause.Or(clause.Gt{Column: "score", Value: 100}, clause.Like{Column: "name", Value: "%linus%"}),
			}},
			clause.GroupBy{Columns: []clause.Column{{Name: "role"}}, Having: []clause.Expression{clause.Eq{"role", "admin"}}},
			clause.Limit{Limit: &limit10, Offset: 20},
			clause.OrderBy{Columns: []clause.OrderByColumn{{Column: clause.PrimaryColumn, Desc: true}}},
		}

		for _, clause := range clauses {

//
// Reference: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html

const (
	arnPrefixArn        = "arn"
	arnPartitionMinio   = "minio"
	arnServiceIAM       = "iam"
	arnResourceTypeRole = "role"
)

// ARN - representation of resources based on AWS ARNs.
type ARN struct {
	Partition    string
	Service      string
	Region       string
	ResourceType string
	ResourceID   string
}