}

var (
	stsEndpoint  string
	idpEndpoint  string
	clientID     string
	clientSecret string
)

func init() {
	flag.StringVar(&stsEndpoint, "sts-ep", "http://localhost:9000", "STS endpoint")
	flag.StringVar(&idpEndpoint, "idp-ep", "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token", "IDP token endpoint")
	flag.StringVar(&clientID, "cid", "", "Client ID")

// users from web identity provider such as Facebook, Google, or any OpenID
// Connect-compatible identity provider.
//
// Eg:-
//
//	$ curl https://minio:9000/?Action=AssumeRoleWithWebIdentity&WebIdentityToken=<jwt>
func (sts *stsAPIHandlers) AssumeRoleWithWebIdentity(w http.ResponseWriter, r *http.Request) {
	sts.AssumeRoleWithSSO(w, r)
}

)

// Expiration Token durations
// These values are used to validate the expiration time range from
// either the exp claim or MINI_STS_DURATION value
const (
	MinExpiration = 900
	MaxExpiration = 31536000

	expiryDuration time.Duration

	// Bucket to list
	bucketToList string

	// Session policy file
	sessionPolicyFile string
)

func init() {
	flag.StringVar(&stsEndpoint, "sts-ep", "http://localhost:9000", "STS endpoint")
	flag.StringVar(&ldapUsername, "u", "", "AD/LDAP Username")
	flag.StringVar(&ldapPassword, "p", "", "AD/LDAP Password")
	flag.BoolVar(&displayCreds, "d", false, "Only show generated credentials")

### 3. Configure `mc` and create another user user1 with attached policy user1policy

```
mc alias set myminio-admin1 http://localhost:9000 admin1 admin123 --api s3v4

mc admin user add myminio-admin1 user1 user123
mc admin policy attach myminio-admin1 user1policy ~/user1policy.json
mc admin policy attach myminio-admin1 user1policy --user=user1
```

		return 0, fmt.Errorf("intentionally unexpected reader error")
	}
	r.pos++
	p[0] = r.mockData
	return 1, nil
}

func TestScannerFailure(t *testing.T) {
	var (
		i         int
		failAfter = 900
		mockData  = byte(32)
	)

	r := newMockReader(failAfter, mockData)
	scanner := newScanner(r)

	for i < 1000 {
		c := scanner.next()
		if c == byte(0) {
			break
		}
		if c != mockData {

[] ## Additional sidecar containers extraContainers: [] ## Internal port number for MinIO S3 API container ## Change service.port to change external port number minioAPIPort: "9000" ## Internal port number for MinIO Browser Console container ## Change consoleService.port to change external port number minioConsolePort: "9001" ## Update strategy for Deployments deploymentUpdate: type: RollingUpdate maxUnavailable: 0 maxSurge: 100% ## Update strategy for StatefulSets statefulSetUpdate: updateStrategy:...

a client certificate.

The following curl example shows how to authenticate to a MinIO server with client certificate and obtain STS access credentials.

```curl
curl -X POST --key private.key --cert public.crt "https://minio:9000?Action=AssumeRoleWithCertificate&Version=2011-06-15&DurationSeconds=3600"
```

```xml
<?xml version="1.0" encoding="UTF-8"?>
<AssumeRoleWithCertificateResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">

"Font Awesome 5 Free";font-style:normal;font-weight:900;font-display:auto;src:url(./fonts/fa-solid-900.eot);src:url(./fonts/fa-solid-900.eot?#iefix) format("embedded-opentype"),url(./fonts/fa-solid-900.woff2) format("woff2"),url(./fonts/fa-solid-900.woff) format("woff"),url(./fonts/fa-solid-900.ttf) format("truetype"),url(./fonts/fa-solid-900.svg#fontawesome) format("svg")}.fa,.far,.fas{font-family:"Font Awesome 5 Free"}.fa,.fas{font-weight:900}...

    SignerType: 1
  }
}
```

### Using MinIO Console

- Open MinIO URL on the browser, lets say <http://localhost:9000/>
- Click on `Login with SSO`
- User will be redirected to the Casdoor user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,