The authentication flow is similar to that of OpenID, however the token is "opaque" to MinIO - it is simply sent to the plugin for verification. CAVEAT: There is no console UI integration for this method of authentication and it is intended primarily for machine authentication.

        if (results == null) {
            return new FileEntry[0];
        }
        return results;
    }

    /**
     * Opens a directory for enumeration
     *
     * @return the opened directory file entry
     * @throws CIFSException if an error occurs opening the directory
     */
    @SuppressWarnings("resource")
    @Override
    protected FileEntry open() throws CIFSException {

import jcifs.internal.SmbBasicFileInfo;
import jcifs.internal.smb1.AndXServerMessageBlock;
import jcifs.internal.util.SMBUtil;

/**
 * SMB1 Open AndX Response message.
 *
 * This response contains information about the opened file,
 * including file ID, attributes, size, and access permissions.
 */
public class SmbComOpenAndXResponse extends AndXServerMessageBlock implements SmbBasicFileInfo {

## Introduction

MinIO provides a custom STS API that allows authentication with client X.509 / TLS certificates.

A major advantage of certificate-based authentication compared to other STS authentication methods, like OpenID Connect or LDAP/AD, is that client authentication works without any additional/external component that must be constantly available. Therefore, certificate-based authentication may provide better availability / lower operational complexity.

import jcifs.internal.smb2.rdma.RdmaChannelInfo;
import jcifs.internal.util.SMBUtil;

/**
 * SMB2 Read request message.
 *
 * This command is used to read data from a file that has been
 * previously opened with a Create request.
 *
 * @author mbechler
 */
public class Smb2ReadRequest extends ServerMessageBlock2Request<Smb2ReadResponse> implements RequestWithFileId {

    /**

	}

	// Close underneath HTTP listener.
	srv.listenerMutex.Lock()
	err := srv.listener.Close()
	srv.listenerMutex.Unlock()
	if err != nil {
		return err
	}

	// Wait for opened connection to be closed up to Shutdown timeout.
	return nil
}

// UseIdleTimeout configure idle connection timeout
func (srv *Server) UseIdleTimeout(d time.Duration) *Server {
	srv.IdleTimeout = d
	return srv

// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package openid

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"sync"
	"testing"
	"time"

	jwtgo "github.com/golang-jwt/jwt/v4"

import jcifs.internal.smb1.ServerMessageBlock;
import jcifs.internal.util.SMBUtil;

/**
 * SMB1 Read AndX request message.
 *
 * This command is used to read data from a file that has been
 * previously opened with an Open command.
 */
public class SmbComReadAndX extends AndXServerMessageBlock {

    private long offset;
    private int fid;
    int openTimeout;
    int maxCount, minCount, remaining;

    /**

the secret must be 'config.env' ## # extraSecret: minio-extraenv ## OpenID Identity Management ## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. ## See https://docs.min.io/minio/baremetal/security/openid-external-identity-management/external-authentication-with-openid-identity-provider.html#minio-external-identity-management-openid for a tutorial on using these variables. oidc: enabled: false configUrl:...

the secret must be 'config.env' ## # extraSecret: minio-extraenv ## OpenID Identity Management ## The following section documents environment variables for enabling external identity management using an OpenID Connect (OIDC)-compatible provider. ## See https://docs.min.io/minio/baremetal/security/openid-external-identity-management/external-authentication-with-openid-identity-provider.html#minio-external-identity-management-openid for a tutorial on using these variables. oidc: enabled: false configUrl:...