for LDAP password, etc ## The key in the secret must be 'config.env' ## # extraSecret: minio-extraenv ## OpenID Identity Management ## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. ## See https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html for a tutorial on using these variables. oidc: enabled: false configUrl: "https://identity-provider-url/...

can be useful for LDAP password, etc ## The key in the secret must be 'config.env' ## extraSecret: ~ ## OpenID Identity Management ## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. ## See https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html for a tutorial on using these variables. oidc: enabled: false configUrl: "https://identity-provider-url/...

for LDAP password, etc ## The key in the secret must be 'config.env' ## # extraSecret: minio-extraenv ## OpenID Identity Management ## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. ## See https://min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html for a tutorial on using these variables. oidc: enabled: false configUrl: "https://identity-provider-url/...

for LDAP password, etc ## The key in the secret must be 'config.env' ## # extraSecret: minio-extraenv ## OpenID Identity Management ## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. ## See https://docs.min.io/minio/baremetal/security/openid-external-identity-management/external-authentication-with-openid-identity-provider.html#minio-external-identity-management-openid for a tutorial on using these...

class CustomTrust {
  // PEM files for root certificates of Comodo and Entrust. These two CAs are sufficient to view
  // https://publicobject.com (Comodo) and https://squareup.com (Entrust). But they aren't
  // sufficient to connect to most HTTPS sites including https://godaddy.com and https://visa.com.
  // Typically developers will need to get a PEM file from their organization's TLS administrator.
  val comodoRsaCertificationAuthority =
    """

        ChannelInfo channel = new ChannelInfo(channelId, transport, localIf, remoteIf);
        
        // Establish connection
        channel.setState(ChannelState.CONNECTING);
        transport.connect();
        
        // Perform channel binding
        performChannelBinding(channel);
        
        // Add to active channels
        channels.put(channelId, channel);

        assertEquals("HEAD", Method.HEAD.toString());
        assertEquals("OPTIONS", Method.OPTIONS.toString());
        assertEquals("TRACE", Method.TRACE.toString());
        assertEquals("CONNECT", Method.CONNECT.toString());
    }

     */
    public boolean connected() {
        return connected;
    }

    /**
     * Connects to the OpenSearch cluster.
     * Creates a new client and waits for cluster health to be yellow or better.
     */
    public void connect() {
        destroy();
        client = createClient();

        final String[] indices = targetIndices != null ? targetIndices : new String[0];

        this.maxReadWriteSize = RdmaCapabilities.DEFAULT_MAX_READ_WRITE_SIZE;
    }

    /**
     * Establish RDMA connection
     *
     * @throws IOException if connection fails
     */
    public abstract void connect() throws IOException;

    /**
     * Send data using RDMA
     *
     * @param data data buffer to send
     * @param region registered memory region for the data
     * @throws IOException if send fails

## Introduction

MinIO provides a custom STS API that allows authentication with client X.509 / TLS certificates.

A major advantage of certificate-based authentication compared to other STS authentication methods, like OpenID Connect or LDAP/AD, is that client authentication works without any additional/external component that must be constantly available. Therefore, certificate-based authentication may provide better availability / lower operational complexity.