tolerations: [] affinity: {} ## Add stateful containers to have security context, if enabled MinIO will run as this ## user and group NOTE: securityContext is only enabled if persistence.enabled=true securityContext: enabled: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 # Additational pod annotations podAnnotations: {} # Additional pod labels podLabels: {} ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 16Gi ##...

tolerations: [] affinity: {} ## Add stateful containers to have security context, if enabled MinIO will run as this ## user and group NOTE: securityContext is only enabled if persistence.enabled=true securityContext: enabled: true runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 # Additational pod annotations podAnnotations: {} # Additional pod labels podLabels: {} ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: memory: 16Gi ##...

// users from web identity provider such as Facebook, Google, or any OpenID
// Connect-compatible identity provider.
//
// Eg:-
//
//	$ curl https://minio:9000/?Action=AssumeRoleWithWebIdentity&WebIdentityToken=<jwt>
func (sts *stsAPIHandlers) AssumeRoleWithWebIdentity(w http.ResponseWriter, r *http.Request) {
	sts.AssumeRoleWithSSO(w, r)
}

```py
#!/usr/bin/env/env python3
import boto3

s3 = boto3.client('s3',
                  endpoint_url='http://localhost:9000',
                  aws_access_key_id='minio',
                  aws_secret_access_key='minio123',
                  region_name='us-east-1')

r = s3.select_object_content(
    Bucket='mycsvbucket',

	}
	dec := json.NewDecoder(resp.Body)
	if err = dec.Decode(&d); err != nil {
		return d, err
	}
	return d, nil
}

func init() {
	flag.StringVar(&stsEndpoint, "sts-ep", "http://localhost:9000", "STS endpoint")
	flag.StringVar(&configEndpoint, "config-ep",
		"http://localhost:8080/auth/realms/minio/.well-known/openid-configuration",
		"OpenID discovery document endpoint")

	expiryDuration time.Duration

	// Bucket to list
	bucketToList string

	// Session policy file
	sessionPolicyFile string
)

func init() {
	flag.StringVar(&stsEndpoint, "sts-ep", "http://localhost:9000", "STS endpoint")
	flag.StringVar(&ldapUsername, "u", "", "AD/LDAP Username")
	flag.StringVar(&ldapPassword, "p", "", "AD/LDAP Password")
	flag.BoolVar(&displayCreds, "d", false, "Only show generated credentials")

```
mc admin user list myminio
```

List all enabled or disabled groups.

```
mc admin group list myminio
```

### 8. Configure `mc`

```
mc alias set myminio-newuser http://localhost:9000 newuser newuser123 --api s3v4
mc cat myminio-newuser/my-bucketname/my-objectname
```

### Policy Variables

You can use policy variables in the *Resource* element and in string comparisons in the *Condition* element.

### 3. Configure `mc` and create another user user1 with attached policy user1policy

```
mc alias set myminio-admin1 http://localhost:9000 admin1 admin123 --api s3v4

mc admin user add myminio-admin1 user1 user123
mc admin policy attach myminio-admin1 user1policy ~/user1policy.json
mc admin policy attach myminio-admin1 user1policy --user=user1
```

		want  bool
	}{
		{name: "empty", input: "", want: false},
		{name: "backslashes", input: `\a\a\ \\  \\\\\\\`, want: false},
		{name: "long", input: strings.Repeat("a/", 2000), want: false},
		{name: "long-fail", input: strings.Repeat("a/", 2000) + "../..", want: true},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(b *testing.B) {
			b.SetBytes(int64(len(tt.input)))
			b.ReportAllocs()
			for b.Loop() {

    SignerType: 1
  }
}
```

### Using MinIO Console

- Open MinIO URL on the browser, lets say <http://localhost:9000/>
- Click on `Login with SSO`
- User will be redirected to the Casdoor user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,